geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Donald Woods (JIRA)" <>
Subject [jira] Commented: (GERONIMO-2015) Let's replace JKS to PKCS12 key store type
Date Sat, 13 May 2006 14:40:12 GMT
    [ ] 

Donald Woods commented on GERONIMO-2015:

As long as we don't require any new Bouncy Castle code that has IP issues and you verify that
the changes will work on Linux, Windows, Mac OS, Solaris, AIX, ... then this can be a candidate
for 1.2/2.0.
BUT, this may need to wait until we fully support Java5, based on the following information
I found -
The IBM 1.4.2 JVMs seem to only support PKCS11 -
while the IBM 5.0 JVMs include support for PKCS12 -

> Let's replace JKS to PKCS12 key store type
> ------------------------------------------
>          Key: GERONIMO-2015
>          URL:
>      Project: Geronimo
>         Type: Improvement
>     Security: public(Regular issues) 
>   Components: security
>     Reporter: Nikolay Chugunov
>  Attachments:, jksToPKCS12.patch, keystore
> Hello
> Let's replace JKS to PKCS12 key store type; because PKCS12 is widely used key store and
Geronimo may not work on non-Sun VMs.
> To fix this problem I have created the patch for Geronimo sources.
> In brief the patch (attached) replaces JKS to PKCS12 key store type in configurations
> PKCS12 format of key store file is not java-specific and can be created and read by other
programs, e.g. Internet Explorer. In addition PKCS12 exists in Bouncy Castle (
security provider, while JKS is Sun specific key store and does not exist in Bouncy Castle.
> Also it is needed to replace JKS to PKCS12 keystore file (attached) to assemblies/j2ee-tomcat-server/src/var/security,
assemblies/j2ee-installer/src/var/security, assemblies/j2ee-jetty-server/src/var/security
directories. Key store file was generating using JKSToPKCS12 class (attached). This class
transfers key and certificate of Geronimo from JKS to PKCS12.
> After I apply this patch to Geronimo 1.0 sources and build Geronimo I can login to Geronimo
console over https.

This message is automatically generated by JIRA.
If you think it was sent incorrectly contact one of the administrators:
For more information on JIRA, see:

View raw message