geronimo-dev mailing list archives

From David Jencks <>
Subject Re: HTTPS Listener inconsistencies & PKCS12 support
Date Mon, 12 Mar 2007 05:48:49 GMT

On Mar 12, 2007, at 1:26 AM, Lasantha Ranaweera wrote:

> Hi Folks,
> I noticed some inconsistencies in the Geronimo console when it
> comes to Jetty & Tomcat environments while we are creating HTTPS  
> listeners (two different UIs). Tomcat GUI supports both PKCS12 and
> JKS key stores while Jetty only supports JKS (there are some other  
> differences too). Is there any reason behind this kind of change?  
> Can't we use the same GUI for this kind of activity because it will  
> give G user same environment whether it is Tomcat or Jetty ?
> Also in Tomcat HTTPS listener supports PKCS12 key store type G  
> currently only supports JKS type. Can't we add the PKCS12 into the
> G key stores since it is more industry standard when it comes to  
> key stores than JKS? I remembered using bouncy castle as security  
> provider with PKCS12 sometime back without any issues  ;-) . Any  
> insight would be greatly appreciated.
> I would like to spend some of my time on these issues if there is  
> no big technical (also legal) barrier associated with it :-) .

So far I've stayed out of this discussion :-)

There's been discussion of similar issues in https://  We have to be very  
careful about importing more of the bouncy castle code than we  
already have to avoid potential patent infringement issues.

From a design perspective I would like to see first that our tomcat
integration uses a keystore gbean like the jetty integration does,  
and then the additional keystore be added.  However both of these  
parts would be great from my point of view.

It looks from the jira comments that some people have concerns about  
compatibility across different platforms.  Is this taken care of by  
the move to jdk 1.5 in g. 2.0?

david jencks

> Thanks,
> Lasantha
