harmony-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Ellison <t.p.elli...@gmail.com>
Subject Re: SSL connections and cacerts
Date Wed, 19 Mar 2008 18:45:13 GMT
Wim Vander Schelden wrote:
> Stepan Mishura wrote:
>> It sounds like you used cacerts file (RI's?) that is in JSK format.
>> This definitely doesn't work with Harmony because JKS is a Sun's
>> proprietary standard [1]. You should provide cacerts file in
>> PKCS12(IIRC) format. PKCS12 implemented in Bouncy Castle security
>> provider and used by Harmony.
>>   
> So the easiest way to do this would be by using the keytool included in
> Harmony, I assume?
> Will Harmony look at the cacerts file in the lib/security directory, or
> do I need to instruct it to do
> so somehow? And what password should I use for the keystore?
> 
> Is there a reason why such a file is not distributed with Harmony by
> default?

Good question.  The cacerts file contains the certificates of various 
certification authorities (CAs).  It's not clear to me that Apache would 
be able to redistribute those without special agreement with the CAs.

We have not gone round collecting up CAs and signed up to their terms 
and conditions to check.

Regards,
Tim

Mime
View raw message