geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Aaron Mulder <ammul...@alumni.princeton.edu>
Subject SSL Support (Jetty & Tomcat)
Date Sat, 13 Aug 2005 13:17:19 GMT
	So we heard earlier from the TriFork guys that they'd prefer if 
Geronimo had a generic Keystore service.  I notice that Jetty and Tomcat 
have HTTPS support requiring Keystore configuration as well, and it 
doesn't seem to make a ton of sense to me to repeat all the settings in 
each HTTPS/SSL interface (unless you want them to be different).  This 
isn't super-onerous because normally you don't have that many, but I can 
see the attraction of a centralized Leystore service.

	If we provide a Keystore GBean, how would Jetty and Tomcat be able
to take advantage of it?  It seems that if the Keystore GBean was just a
centralized place to access Keystore settings, the answer would be obvious
(the SSL web connectors could just say KeystoreGBean.getKeystoreFile(),
KeystoreGBean.getKeystorePassword(), etc.).  But if the KeystoreGBean
instead only used the config settings internally and its external API
instead provided access directly to the server keys and CA certs, it's not
clear to me whether the Tomcat and Jetty HTTPS connectors could operate on
that basis (KeystoreGBean.getServerPrivateKey(), 
KeystoreGBean.getCACerts(), etc.).

	Any thoughts from the people who are more familiar with the web 
containers?

Thanks,
	Aaron

Mime
View raw message