geronimo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lasantha Ranaweera <>
Subject Re: HTTPS Listener in consistencies & PKCS12 support
Date Mon, 12 Mar 2007 06:48:06 GMT
David Jencks wrote:
> On Mar 12, 2007, at 1:26 AM, Lasantha Ranaweera wrote:
>> Hi Folks,
>> I noticed some in consistencies in the Geronimo console when it comes 
>> to Jetty & Tomcat environments while we are creating HTTPS listeners 
>> (two different UIs). Tomcat GUI support both PKCS12 and JKS key 
>> stores while Jetty only supports JKS (there are some other 
>> differences too). Is there any reason behind this kind of change? 
>> Can't we use the same GUI for this kind of activity because it will 
>> give G user same environment whether it is Tomcat or Jetty ?
>> Also in Tomcat HTTPS listener supports PKCS12 key store type G 
>> currently only supports JKS type. Can't we add the PKCS12 in to the G 
>> key stores since it is more industry standard when it comes to key 
>> stores than JKS? I remembered using bouncy castle as security 
>> provider with PKCS12 sometime back without any issues ;-) . Any 
>> insight would be greatly appriciated.
>> I would like to spend some of my time on these issues if there is no 
>> big technical (also legal) barrier associated with it :-) .
> so far I've stayed out of this discussion :-)
> There's been discussion of similar issues in 
> We have to be 
> very careful about importing more of the bouncy castle code than we 
> already have to avoid potential patent infringement issues.
> From a design perspective I would like to see first that our tomcat 
> integration uses a keystore gbean like the jetty integration does, and 
> then the additional keystore be added. However both of these parts 
> would be great from my point of view.
> It looks from the jira comments that some people have concerns about 
> compatibility across different platforms. Is this taken care of by the 
> move to jdk 1.5 in g. 2.0?
> thanks
> david jencks
Thanks David for the information as always ;-) . I will start from the 
HTTPSListener side since PKCS12 is bit more complicated right now.

>> Thanks,
>> Lasantha

View raw message