geronimo-dev mailing list archives

From "Matt Hogstrom (JIRA)" <...@geronimo.apache.org>
Subject [jira] Commented: (GERONIMO-2015) Let's replace JKS to PKCS12 key store type
Date Thu, 10 Aug 2006 18:00:16 GMT
    [ http://issues.apache.org/jira/browse/GERONIMO-2015?page=comments#action_12427290 ] 
            
Matt Hogstrom commented on GERONIMO-2015:
-----------------------------------------

Oops...my bad on the 2.0.  I'll create one although there is no content there yet :)

I'd like to get Aaron's and DJencks' input on this as they are more familiar with the security
aspects than I.

One of your earlier comments indicated that JKS is not supported on IBM VMs (I didn't hear
anything about JRockit and they should probably be part of the discussion as well).   The
earlier posts have me a bit confused about what works with what.  Some say it works with BouncyCastle
but BouncyCastle isn't required.  Here is one about changing VMs as an issue Vamsavardhana
Reddy [16/May/06 06:37 AM].  

Is it possible to post a comprehensive proposal of what works with what, etc?  Forgive my
ignorance in the security area.  I think my earlier recommendation to defer this might have
been flawed.

> Let's replace JKS to PKCS12 key store type
> ------------------------------------------
>
>                 Key: GERONIMO-2015
>                 URL: http://issues.apache.org/jira/browse/GERONIMO-2015
>             Project: Geronimo
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>          Components: security
>            Reporter: Nikolay Chugunov
>             Fix For: 1.2
>
>         Attachments: JKSToPKCS12.java, jksToPKCS12.patch, keystore
>
>
> Hello
> Let's replace JKS to PKCS12 key store type, because PKCS12 is a widely used key store and Geronimo may not work on non-Sun VMs.
> To fix this problem I have created the patch for Geronimo sources.
> In brief, the patch (attached) replaces JKS to PKCS12 key store type in configuration files.
> PKCS12 format of key store file is not Java-specific and can be created and read by other programs, e.g. Internet Explorer. In addition, PKCS12 exists in Bouncy Castle (http://www.bouncycastle.org) security provider, while JKS is Sun specific key store and does not exist in Bouncy Castle.
> Also it is needed to replace JKS to PKCS12 keystore file (attached) to assemblies/j2ee-tomcat-server/src/var/security, assemblies/j2ee-installer/src/var/security, assemblies/j2ee-jetty-server/src/var/security directories. Key store file was generated using JKSToPKCS12 class (attached). This class transfers key and certificate of Geronimo from JKS to PKCS12.
> After I apply this patch to Geronimo 1.0 sources and build Geronimo I can login to Geronimo console over https.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
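
The conversion described in the quoted issue (transferring a key and certificate from a JKS store to a PKCS12 store) looks like this with the standard `java.security.KeyStore` API. This is an added example, not the JKSToPKCS12.java attached to the issue; the class name, the argument order and the choice to protect the key with the store password are assumptions.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Collections;

// Added illustration; not the JKSToPKCS12.java attached to GERONIMO-2015.
public class KeystoreConvertExample {
    // Copies every entry of a JKS store into a new PKCS12 file; returns the number copied.
    static int convert(String jksPath, String p12Path, char[] storePass, char[] keyPass)
            throws Exception {
        // Throws KeyStoreException on a JVM with no provider that implements JKS.
        KeyStore src = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(jksPath)) {
            src.load(in, storePass); // also verifies the store's integrity check
        }
        KeyStore dst = KeyStore.getInstance("PKCS12");
        dst.load(null, null); // start from an empty in-memory store
        int copied = 0;
        for (String alias : Collections.list(src.aliases())) {
            if (src.isKeyEntry(alias)) {
                Certificate[] chain = src.getCertificateChain(alias);
                // Assumption: the key is re-protected with the store password.
                dst.setKeyEntry(alias, src.getKey(alias, keyPass), storePass, chain);
            } else {
                // Trusted-certificate entry; older PKCS12 providers may reject these.
                dst.setCertificateEntry(alias, src.getCertificate(alias));
            }
            copied++;
        }
        try (OutputStream out = new FileOutputStream(p12Path)) {
            dst.store(out, storePass);
        }
        return copied;
    }

    public static void main(String[] args) throws Exception {
        Console console = System.console();
        if (args.length != 2 || console == null) {
            throw new IllegalArgumentException("usage (interactive): <in.jks> <out.p12>");
        }
        char[] storePass = console.readPassword("Store password: ");
        char[] keyPass = console.readPassword("Key password: ");
        System.out.println(convert(args[0], args[1], storePass, keyPass) + " entries copied");
    }
}
```

Passwords are read from the console rather than from arguments so they do not appear in the process list or shell history.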

        
