db-derby-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rick Hillegas <Richard.Hille...@Sun.COM>
Subject Re: Starting the derby sever with ssl
Date Mon, 03 Nov 2008 20:08:11 GMT
Hi Reda,

I'm not an expert on the internals of Java's SSL support. Perhaps we'll 
get a response from someone who knows more than I do. My understanding 
was that the default key manager picks the first usable entry from the 
keystore and, for this reason, it's typical for a keystore to hold only 
one object. You can override this behavior by writing your own key 
manager. The following link may be useful:


Hope this helps,

Reda Jazouli wrote:
> Hi Rick, 
> thank you for your reply, but my question is how does java knows wich key it
> has to choose from the given keystore ?
> Thanks in advance
> Rick Hillegas-2 wrote:
>> Hi Reda,
>> The documentation on Derby's security features is scattered and hard to 
>> follow. You will find more information on how to configure SSL in the 
>> Derby Server and Administration Guide in a section titled "Network 
>> encryption and authentication with SSL/TLS". You will probably want to 
>> set several startup options. Something like the following:
>> java -Djavax.net.ssl.keyStore=serverKeyStore.key \
>>      -Djavax.net.ssl.keyStorePassword=qwerty \
>>      -Djavax.net.ssl.trustStore=serverTrustStore.key \
>>      -Djavax.net.ssl.trustStorePassword=qwerty \
>>      -jar derbyrun.jar server start -ssl peerAuthentication
>> More examples of how to configure Derby's SSL support can be found in 
>> the security white paper located here: 
>> http://developers.sun.com/javadb/reference/whitepapers/index.jsp
>> Hope this helps,
>> -Rick
>> Reda Jazouli wrote:
>>> Hi, 
>>> As mentioned in the Derby tuning guide, its possible to start the derby
>>> server in the way that is accepts only ssl connections.
>>> Its only required to give at startup a java keystore and a the keystores
>>> password.
>>> My question is, how does the server know wich key is to use from the
>>> given
>>> keystore ?? 
>>> I thought that there is a java property that has to be set before startup
>>> and that indicates wich key from the given keystore, has to be used.
>>> Thanks im advance.
>>> Reda

View raw message