CXF
  1. CXF
  2. CXF-4204

CXF https transport should support to specify the cert alias name

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.4.7, 2.5.3, 2.6
    • Component/s: Transports
    • Labels:
      None
    • Estimated Complexity:
      Unknown

      Description

      when use https, the server and client side key store may have multiple private keys and certificates, but currently in CXF there's no way to specify which cert should be used, so if customer keystore has multiple certificates, which one is picked up become uncertain
      Jetty SslContextFactory already provide api

      public void setCertAlias(String certAlias)
      

      since Jetty 7.3.1, CXF should be able to expose this configuration as well.

        Activity

        Daniel Kulp made changes -
        Status Resolved [ 5 ] Closed [ 6 ]
        Freeman Fang made changes -
        Status In Progress [ 3 ] Resolved [ 5 ]
        Fix Version/s 2.4.7 [ 12319492 ]
        Fix Version/s 2.5.3 [ 12319491 ]
        Fix Version/s 2.6 [ 12319252 ]
        Resolution Fixed [ 1 ]
        Freeman Yue Fang <ffang@apache.org> committed 0eb34369a08dbffd05a5d3c1150728b6d2bf069b (1 file)
        Reviews: none

        [CXF-4204]add certAilas configuration through configAdmin when in OSGi container
        git-svn-id: https://svn.apache.org/repos/asf/cxf/trunk@1306186 13f79535-47bb-0310-9956-ffa450edef68

        Hide
        Freeman Fang added a comment -

        I still need change new added HTTPJettyTransportActivator on trunk to set certAlias

        Show
        Freeman Fang added a comment - I still need change new added HTTPJettyTransportActivator on trunk to set certAlias
        Show
        Freeman Fang added a comment - commit fix http://svn.apache.org/viewvc?rev=1305775&view=rev on trunk http://svn.apache.org/viewvc?rev=1305786&view=rev on 2.5.x branch http://svn.apache.org/viewvc?rev=1305789&view=rev on 2.4.x branch
        Freeman Fang made changes -
        Summary CXF http-jetty transport should support to specify the cert alias name when use https CXF https transport should support to specify the cert alias name
        Description when use https, the server side key store may have multiple private keys and certificates, but currently in CXF there's no way to specify which cert should be used, so if customer keystore has multiple certificates, which one is picked up become uncertain
        Jetty SslContextFactory already provide api
        {code}
        public void setCertAlias(String certAlias)
        {code}
        since Jetty 7.3.1, CXF should be able to expose this configuration as well.
        when use https, the server and client side key store may have multiple private keys and certificates, but currently in CXF there's no way to specify which cert should be used, so if customer keystore has multiple certificates, which one is picked up become uncertain
        Jetty SslContextFactory already provide api
        {code}
        public void setCertAlias(String certAlias)
        {code}
        since Jetty 7.3.1, CXF should be able to expose this configuration as well.
        Hide
        Freeman Fang added a comment -

        actually it's same case on the client side when configure http:conduit, both client and server side https transport should support to specify the cert alias

        Show
        Freeman Fang added a comment - actually it's same case on the client side when configure http:conduit, both client and server side https transport should support to specify the cert alias
        Freeman Fang made changes -
        Status Open [ 1 ] In Progress [ 3 ]
        Freeman Fang made changes -
        Field Original Value New Value
        Assignee Freeman Fang [ ffang ]
        Freeman Fang created issue -

          People

          • Assignee:
            Freeman Fang
            Reporter:
            Freeman Fang
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development