geronimo-dev mailing list archives

From "Vasily Zakharov (JIRA)" <j...@apache.org>
Subject [jira] Commented: (GERONIMO-2015) Let's replace JKS to PKCS12 key store type
Date Thu, 10 Jan 2008 15:07:34 GMT

    [ https://issues.apache.org/jira/browse/GERONIMO-2015?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12557664#action_12557664 ]

Vasily Zakharov commented on GERONIMO-2015:
-------------------------------------------

What is the current situation with this issue?

It was targeted at v2.0, but now v2.0.2 is already out there.
It looks like parts of the proposed functionality are already there, and otherwise the patches
are obsolete as they don't use the keystore gbean.

Is it worth providing newer patches on this, are there any plans to integrate them?

For now, Geronimo still doesn't start if a JKS implementation is not available, e.g. on Harmony.


> Let's replace JKS to PKCS12 key store type
> ------------------------------------------
>
>                 Key: GERONIMO-2015
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-2015
>             Project: Geronimo
>          Issue Type: Improvement
>      Security Level: public(Regular issues) 
>          Components: security
>            Reporter: Nikolay Chugunov
>             Fix For: Wish List
>
>         Attachments: jksToPKCS12-1.1.1.patch, JKSToPKCS12.java, jksToPKCS12.patch, keystore
>
>
> Hello
> Let's replace JKS with the PKCS12 key store type, because PKCS12 is a widely used key store and Geronimo may not work on non-Sun VMs.
> To fix this problem I have created the patch for Geronimo sources.
> In brief, the patch (attached) replaces JKS with the PKCS12 key store type in configuration files.
> The PKCS12 key store file format is not Java-specific and can be created and read by other programs, e.g. Internet Explorer. In addition, PKCS12 exists in the Bouncy Castle (http://www.bouncycastle.org) security provider, while JKS is a Sun-specific key store and does not exist in Bouncy Castle.
> It is also necessary to replace the JKS keystore file with the PKCS12 one (attached) in the assemblies/j2ee-tomcat-server/src/var/security, assemblies/j2ee-installer/src/var/security and assemblies/j2ee-jetty-server/src/var/security directories. The key store file was generated using the JKSToPKCS12 class (attached). This class transfers the key and certificate of Geronimo from JKS to PKCS12.
> After I apply this patch to Geronimo 1.0 sources and build Geronimo, I can log in to the Geronimo console over https.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

