geronimo-dev mailing list archives

From "Vamsavardhana Reddy (JIRA)" <...@geronimo.apache.org>
Subject [jira] Commented: (GERONIMO-2413) Add a Certification Authority (CA) portlet to Geronimo console
Date Tue, 17 Oct 2006 15:01:35 GMT
    [ http://issues.apache.org/jira/browse/GERONIMO-2413?page=comments#action_12442928 ] 
            
Vamsavardhana Reddy commented on GERONIMO-2413:
-----------------------------------------------

Here is a scenario I have tested.
Step 1.  Set up CA by entering CA Name details etc.
Step 2.  Generate a CSR from geronimo-default keystore and process the server certificate request using "Issue New Certificate" link in CA portlet.
Step 3.  Import CA's certificate as trusted and the CA reply.
Step 4.  Set up an HTTPS Connector configured for client authentication.
Step 5.  Start the CA Helper application from "Web App WARs" portlet.

In a second browser window,
Step 6.  Access the CA Helper Application at http://localhost:8080/CAHelper through a web browser that supports KEYGEN tag.  Internet Explorer does not support KEYGEN tag.
Step 7.  Submit a Certificate Request through web browser using "Request Certificate" link.  Upon submission the request shows up in "Requests to be verified" page in CA portlet.  NOTE: Make a note of the request id as it will be required to download the certificate issued by the CA.

In CA portlet,
Step 8.  Approve the request through CA portlet using "Requests to be verified" link.  Approved requests show up in "Requests to be fulfilled" page.
Step 9.  Process the request from "Requests to be fulfilled" page and issue certificate.

In the CA Helper window,
Step 10.  Import CA's certificate into web browser using "Download CA certificate" link.
Step 11.  Install personal certificate using the "Download Certificate" link and request id from Step 7 above.
Step 12.  Access the verify certificate link to verify that the certificate is downloaded and installed.

Summary of the scenario:  CA is set up; a certificate request is submitted through web browser and issued certificate is downloaded into the web browser.

> Add a Certification Authority (CA) portlet to Geronimo console
> --------------------------------------------------------------
>
>                 Key: GERONIMO-2413
>                 URL: http://issues.apache.org/jira/browse/GERONIMO-2413
>             Project: Geronimo
>          Issue Type: New Feature
>      Security Level: public(Regular issues) 
>          Components: console, security
>            Reporter: Vamsavardhana Reddy
>             Fix For: 1.2, 1.x
>
>         Attachments: 02.ca-initialization-enter-details.JPG, 07.issue-certificate-show-csr-details.JPG, 09.issue-certificate-successful.JPG, GERONIMO-2413-revised.patch, GERONIMO-2413-v1.2.patch, GERONIMO-2413.patch, GeronimoCA.zip
>
>
> A Certification Authority portlet will be very useful.  A full-fledged CA may be a long way to go.  But whatever minimum function is required to process CSRs etc. is not hard and the users can issue their own digital certificates instead of getting trial certificates from some CA.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        
