From: "Donald Woods (JIRA)"
To: dev@geronimo.apache.org
Subject: [jira] Commented: (GERONIMO-2015) Let's replace JKS to PKCS12 key store type
Date: Sat, 13 May 2006 14:40:12 +0000 (GMT+00:00)

[ http://issues.apache.org/jira/browse/GERONIMO-2015?page=comments#action_12383391 ]

Donald Woods commented on GERONIMO-2015:
----------------------------------------

As long as we don't require any new Bouncy Castle code that has IP issues and you verify that the changes will work on Linux, Windows, Mac OS, Solaris, AIX, ... then this can be a candidate for 1.2/2.0.

BUT, this may need to wait until we fully support Java5, based on the following information I found -
The IBM 1.4.2 JVMs seem to only support PKCS11 -
http://www-128.ibm.com/developerworks/java/jdk/security/142/secguides/pkcs11implDocs/IBMJavaPKCS11ImplementationProvider.html
while the IBM 5.0 JVMs include support for PKCS12 -
http://www-128.ibm.com/developerworks/java/jdk/security/50/secguides/jsse2Docs/JSSE2RefGuide.html#KeystoreFormats

> Let's replace JKS to PKCS12 key store type
> ------------------------------------------
>
>          Key: GERONIMO-2015
>          URL: http://issues.apache.org/jira/browse/GERONIMO-2015
>      Project: Geronimo
>         Type: Improvement
>     Security: public(Regular issues)
>   Components: security
>     Reporter: Nikolay Chugunov
>  Attachments: JKSToPKCS12.java, jksToPKCS12.patch, keystore
>
> Hello
> Let's replace JKS to PKCS12 key store type, because PKCS12 is a widely used key store and Geronimo may not work on non-Sun VMs.
> To fix this problem I have created the patch for Geronimo sources.
> In brief the patch (attached) replaces JKS to PKCS12 key store type in configuration files.
> PKCS12 format of key store file is not Java-specific and can be created and read by other programs, e.g. Internet Explorer. In addition PKCS12 exists in Bouncy Castle (http://www.bouncycastle.org) security provider, while JKS is Sun specific key store and does not exist in Bouncy Castle.
> Also it is needed to replace JKS to PKCS12 keystore file (attached) to assemblies/j2ee-tomcat-server/src/var/security, assemblies/j2ee-installer/src/var/security, assemblies/j2ee-jetty-server/src/var/security directories. Key store file was generated using JKSToPKCS12 class (attached). This class transfers key and certificate of Geronimo from JKS to PKCS12.
> After I apply this patch to Geronimo 1.0 sources and build Geronimo I can login to Geronimo console over https.
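
The following is an added example, not part of the message above and not the JKSToPKCS12.java attached to the issue. It shows one way to do the JKS to PKCS12 transfer the description mentions with the standard `java.security.KeyStore` API on a current JDK. The class name, the command-line arguments and the single shared password are assumptions.

```java
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Arrays;
import java.util.Collections;

// Added illustration; not the JKSToPKCS12.java attached to GERONIMO-2015.
public class KeystoreConvertExample {
    // Assumption: the store and all of its keys share one password.
    static int convert(String jksPath, String p12Path, char[] password) throws Exception {
        // getInstance throws KeyStoreException if this JVM has no provider for the type.
        KeyStore source = KeyStore.getInstance("JKS");
        KeyStore target = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(jksPath)) {
            source.load(in, password); // also verifies the store's integrity check
        }
        target.load(null, null); // start from an empty PKCS12 store
        int copied = 0;
        for (String alias : Collections.list(source.aliases())) {
            if (source.isKeyEntry(alias)) {
                Certificate[] chain = source.getCertificateChain(alias);
                target.setKeyEntry(alias, source.getKey(alias, password), password, chain);
            } else {
                // Certificate-only entry; a PKCS12 provider may reject it with KeyStoreException.
                target.setCertificateEntry(alias, source.getCertificate(alias));
            }
            copied++;
        }
        try (OutputStream out = new FileOutputStream(p12Path)) {
            target.store(out, password);
        }
        return copied;
    }
    public static void main(String[] args) throws Exception {
        java.io.Console c = System.console();
        // Prompt instead of taking the password from argv, where other users could read it.
        char[] password = (args.length == 2 && c != null) ? c.readPassword("Keystore password: ") : null;
        if (password == null) {
            System.err.println("usage (interactive): KeystoreConvertExample <in.jks> <out.p12>");
            System.exit(2);
        }
        System.out.println(convert(args[0], args[1], password) + " entries copied");
        Arrays.fill(password, '\0'); // clear the password once the new store is written
    }
}
```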