directory-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kiran Ayyagari <kayyag...@apache.org>
Subject Re: Where can I get the client certificate?
Date Fri, 13 Mar 2015 07:58:10 GMT
On Fri, Mar 13, 2015 at 1:09 PM, Marc Boorshtein <mboorshtein@gmail.com>
wrote:

> Correct.
> On Mar 12, 2015 8:24 PM, "Kiran Ayyagari" <kayyagari@apache.org> wrote:
>
>>
>>
>> On Fri, Mar 13, 2015 at 4:48 AM, Marc Boorshtein <mboorshtein@gmail.com>
>> wrote:
>>
>>> I'm using ApacheDS as the LDAP front end for MyVD.  Its been working
>>> great for months.  Here's my question, where can I get a client certificate
>>> from? (in instances where ssl client authentication is being used for SSL
>>> connections).
>>>
>>> so to be clear you are trying to verify the certificate of the client
>> that is connecting to ApacheDS, correct?
>>
> currently this is not supported by the server, it just accepts all
certificates of all clients.

This can be supported easily by allowing admins to configure either
1. a custom TrustManager or
2. a truststore file.
3. or both
I personally prefer 1 cause that will allow for a custom cert verifier and
can avoid the overhead of loading client certs into a file

Can you raise a feature request in JIRA?

> Thanks
>>> Marc
>>>
>>
>>
>>
>> --
>> Kiran Ayyagari
>> http://keydap.com
>>
>


-- 
Kiran Ayyagari
http://keydap.com

Mime
View raw message