geronimo-dev mailing list archives

From "Nellya Udovichenko (JIRA)" <...@geronimo.apache.org>
Subject [jira] Commented: (GERONIMO-2015) Let's replace JKS to PKCS12 key store type
Date Thu, 10 Aug 2006 13:55:15 GMT
    [ http://issues.apache.org/jira/browse/GERONIMO-2015?page=comments#action_12427223 ] 
            
Nellya Udovichenko commented on GERONIMO-2015:
----------------------------------------------

Both JKS and PKCS12 keystore formats are supported by both Sun and IBM JDKs.
See 'Additional Keystore Formats (PKCS12)'
http://java.sun.com/j2se/1.5.0/docs/guide/security/jsse/JSSERefGuide.html#KeystoreFormats
and end of 'Introduction'
http://www-128.ibm.com/developerworks/java/jdk/security/50/secguides/JceDocs/api_users_guide.html#JceKeystore


Adding a changeable keystore type parameter and supporting PKCS12 would be a wonderful
and important compatibility feature for working with non-Sun JDKs at 1.x versions.

Of course, we may leave JKS as the default keystore type for compatibility with older versions.
And later, e.g. in 2.0, we may make PKCS12 the default keystore type - it would be a good gradual
change.



> Let's replace JKS to PKCS12 key store type
> ------------------------------------------
>
>                 Key: GERONIMO-2015
>                 URL: http://issues.apache.org/jira/browse/GERONIMO-2015
>             Project: Geronimo
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>          Components: security
>            Reporter: Nikolay Chugunov
>             Fix For: 1.2
>
>         Attachments: JKSToPKCS12.java, jksToPKCS12.patch, keystore
>
>
> Hello
> Let's replace the JKS key store type with PKCS12, because PKCS12 is a widely used key store
> and Geronimo may not work on non-Sun VMs.
> To fix this problem I have created the patch for Geronimo sources.
> In brief, the patch (attached) replaces the JKS key store type with PKCS12 in the configuration
> files.
> The PKCS12 key store file format is not Java-specific and can be created and read by other
> programs, e.g. Internet Explorer. In addition, PKCS12 exists in the Bouncy Castle (http://www.bouncycastle.org)
> security provider, while JKS is a Sun-specific key store and does not exist in Bouncy Castle.
> Also, the JKS keystore file needs to be replaced with the PKCS12 keystore file (attached) in the
> assemblies/j2ee-tomcat-server/src/var/security, assemblies/j2ee-installer/src/var/security and
> assemblies/j2ee-jetty-server/src/var/security directories. The key store file was generated
> using the JKSToPKCS12 class (attached). This class transfers the key and certificate of
> Geronimo from JKS to PKCS12.
> After I apply this patch to Geronimo 1.0 sources and build Geronimo, I can log in to the
> Geronimo console over https.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
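
An added example, not the attached JKSToPKCS12 class or any Geronimo code: one way to copy entries from one keystore type to another with the standard java.security.KeyStore API, taking both keystore types as parameters as the comment above suggests. The class name KeystoreConvert and its arguments are hypothetical, and it assumes every key entry is protected with the same password as the store.

```java
import java.io.*;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.util.Arrays;
import java.util.Collections;

// Added example: copies every entry of one keystore into a new keystore of another type.
public class KeystoreConvert {
    // A null path creates an empty keystore of the given type (e.g. "JKS" or "PKCS12").
    static KeyStore load(String type, String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = (path == null) ? null : new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Assumption: each key entry uses the store password as its key password.
    static void copyEntries(KeyStore src, KeyStore dst, char[] password) throws Exception {
        for (String alias : Collections.list(src.aliases())) {
            if (src.isKeyEntry(alias)) {
                Key key = src.getKey(alias, password);
                Certificate[] chain = src.getCertificateChain(alias);
                dst.setKeyEntry(alias, key, password, chain);
            } else {
                dst.setCertificateEntry(alias, src.getCertificate(alias));
            }
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 4 || System.console() == null) {
            System.err.println("usage: KeystoreConvert <srcType> <srcFile> <dstType> <dstFile>");
            System.exit(2);
        }
        // Prompt for the password so it never appears in the process list or shell history.
        char[] password = System.console().readPassword("Keystore password: ");
        try {
            KeyStore dst = load(args[2], null, password);
            copyEntries(load(args[0], args[1], password), dst, password);
            try (OutputStream out = new FileOutputStream(args[3])) {
                dst.store(out, password);
            }
        } finally {
            Arrays.fill(password, '\0'); // wipe the password from memory
        }
    }
}
```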

        
