geronimo-dev mailing list archives

From "David Jencks (JIRA)" <j...@apache.org>
Subject [jira] Commented: (GERONIMO-3820) Secure LDAP (ldaps) trusted certificate authorities
Date Wed, 06 Feb 2008 16:35:11 GMT

    [ https://issues.apache.org/jira/browse/GERONIMO-3820?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12566186#action_12566186 ]

David Jencks commented on GERONIMO-3820:
----------------------------------------

I think the best solution would be to customize apacheds to be aware of the geronimo
keystore framework, similar to what is done in the jetty integration.

> Secure LDAP (ldaps) trusted certificate authorities
> ---------------------------------------------------
>
>                 Key: GERONIMO-3820
>                 URL: https://issues.apache.org/jira/browse/GERONIMO-3820
>             Project: Geronimo
>          Issue Type: Bug
>      Security Level: public(Regular issues) 
>          Components: security
>    Affects Versions: 1.1.1, 2.0-M1, 2.0-M2, 2.0-M3, 2.0-M4, 2.0-M5, 2.0-M6, 2.0-M7, 2.0, 2.0.1, 2.0.2
>         Environment: Integrating Geronimo with a SSL-enabled LDAP server
>            Reporter: Sakari Maaranen
>
> When connecting to a LDAPS server, Geronimo refuses the connection because it cannot trust the server's certificate. This is simply because the trusted certificate authorities are not easily configurable with LDAP security realms.
> I had to use command line options for my JVM before starting Geronimo:
> -Djavax.net.ssl.trustStore=<geronimo-home>/var/security/keystores/<keystore-filename> -Djavax.net.ssl.trustStorePassword=<password>
> Would be nice to have those configurable with GBeans or a similar means, preferably via a web GUI.
> More details in GERONIMO-3812 comments.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

