db-derby-user mailing list archives

From Rick Hillegas <Richard.Hille...@Sun.COM>
Subject Re: Starting the derby server with ssl
Date Mon, 03 Nov 2008 20:08:11 GMT
Hi Reda,

I'm not an expert on the internals of Java's SSL support. Perhaps we'll 
get a response from someone who knows more than I do. My understanding 
was that the default key manager picks the first usable entry from the 
keystore and, for this reason, it's typical for a keystore to hold only 
one object. You can override this behavior by writing your own key 
manager. The following link may be useful:

http://books.google.com/books?id=EhX9BjHj9M4C&pg=PA314&lpg=PA314&dq=java+keystore+vs+truststore&source=web&ots=sNVm3qmI-U&sig=UOihfFE_1MJC625sAVhd1yrUUJQ#PPA328,M1

Hope this helps,
-Rick

Reda Jazouli wrote:
> Hi Rick,
> thank you for your reply, but my question is how does Java know which key it
> has to choose from the given keystore?
>
> Thanks in advance
>
> Rick Hillegas-2 wrote:
>   
>> Hi Reda,
>>
>> The documentation on Derby's security features is scattered and hard to 
>> follow. You will find more information on how to configure SSL in the 
>> Derby Server and Administration Guide in a section titled "Network 
>> encryption and authentication with SSL/TLS". You will probably want to 
>> set several startup options. Something like the following:
>>
>> java -Djavax.net.ssl.keyStore=serverKeyStore.key \
>>      -Djavax.net.ssl.keyStorePassword=qwerty \
>>      -Djavax.net.ssl.trustStore=serverTrustStore.key \
>>      -Djavax.net.ssl.trustStorePassword=qwerty \
>>      -jar derbyrun.jar server start -ssl peerAuthentication
>>
>> More examples of how to configure Derby's SSL support can be found in 
>> the security white paper located here: 
>> http://developers.sun.com/javadb/reference/whitepapers/index.jsp
>>
>> Hope this helps,
>> -Rick
>>
>> Reda Jazouli wrote:
>>     
>>> Hi,
>>> As mentioned in the Derby tuning guide, it's possible to start the Derby
>>> server in a way that it accepts only SSL connections.
>>>
>>> It's only required to give at startup a Java keystore and the keystore's
>>> password.
>>>
>>> My question is, how does the server know which key to use from the
>>> given keystore?
>>> I thought that there is a Java property that has to be set before startup
>>> and that indicates which key from the given keystore has to be used.
>>>
>>> Thanks in advance.
>>>
>>> Reda
>>>   
>>>       
>>
>>     
>
>   
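
Rick's reply above mentions overriding the default key selection by writing your own key manager. As an added example (not part of the original thread and not Derby code), here is a JSSE key manager wrapper that always presents one named keystore entry on the server side. The names `FixedAliasKeyManager` and `contextFor` and their parameters are hypothetical, and wiring the resulting `SSLContext` into the Derby network server is not shown.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

/** Wraps the default key manager but pins the server identity to one alias (hypothetical class). */
final class FixedAliasKeyManager extends X509ExtendedKeyManager {
    private final X509KeyManager delegate;
    private final String alias;

    FixedAliasKeyManager(X509KeyManager delegate, String alias) {
        // Fail at startup rather than at the first handshake if the entry is missing.
        if (delegate == null || delegate.getPrivateKey(alias) == null)
            throw new IllegalArgumentException("no private key entry for alias: " + alias);
        this.delegate = delegate;
        this.alias = alias;
    }
    // Server side: ignore the "first usable entry" behaviour and return the pinned alias.
    @Override public String chooseServerAlias(String keyType, Principal[] issuers, Socket s) {
        return usable(keyType) ? alias : null;
    }
    @Override public String chooseEngineServerAlias(String keyType, Principal[] issuers, SSLEngine e) {
        return usable(keyType) ? alias : null;
    }
    // keyType may carry a signature suffix such as "EC_RSA"; compare only the key algorithm.
    private boolean usable(String keyType) {
        return delegate.getPrivateKey(alias).getAlgorithm().equals(keyType.split("_")[0]);
    }
    // Everything else is passed through to the default key manager unchanged.
    @Override public String[] getServerAliases(String t, Principal[] i) { return delegate.getServerAliases(t, i); }
    @Override public String[] getClientAliases(String t, Principal[] i) { return delegate.getClientAliases(t, i); }
    @Override public String chooseClientAlias(String[] t, Principal[] i, Socket s) { return delegate.chooseClientAlias(t, i, s); }
    @Override public X509Certificate[] getCertificateChain(String a) { return delegate.getCertificateChain(a); }
    @Override public PrivateKey getPrivateKey(String a) { return delegate.getPrivateKey(a); }

    /** Builds an SSLContext whose server handshakes use only the given keystore entry. */
    static SSLContext contextFor(String keyStorePath, char[] password, String alias) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(keyStorePath)) { ks.load(in, password); }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        X509KeyManager dflt = null;
        for (KeyManager km : kmf.getKeyManagers())
            if (km instanceof X509KeyManager) { dflt = (X509KeyManager) km; break; }
        SSLContext ctx = SSLContext.getInstance("TLS");
        // Null trust managers: the default trust store (javax.net.ssl.trustStore) is used.
        ctx.init(new KeyManager[] { new FixedAliasKeyManager(dflt, alias) }, null, null);
        return ctx;
    }
}
```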

