FtpServer
  1. FtpServer
  2. FTPSERVER-179

Update SSL configuration how-to to describe how to select different keystore algorithms

    Details

    • Type: Task Task
    • Status: Closed
    • Priority: Trivial Trivial
    • Resolution: Fixed
    • Affects Version/s: 1.0.0-M3
    • Fix Version/s: 1.0.0-M4
    • Component/s: None
    • Labels:
      None
    • Environment:
      IBM AIX 5.2, IBM java J2RE 1.5.0 IBM AIX build pap64devifx-20071025 (SR6b)

      Description

      The DefaultSslConfiguration class understandably selects the SunX509 algorithm as a sensible default, but this algorithm is not available on AIX running the IBM JVM shown above. Attempting to configure SSL using the config.xml file results in the exception:

      java.security.NoSuchAlgorithmException: SunX509 KeyManagerFactory not available

      On my machine, the "IbmX509" algorithm should be used instead of the SunX509 one. But the SSL configuration howto does not explain how to select a different algorithm and does not mention the "algorithm" attribute that can be applied to the <keystore> and <truststore> elements.

      The document therefore needs to be updated. For reference, my config now reads:

      <ssl>
      <keystore file="./res/conf/ftpserver.jks" password="password" algorithm="IbmX509"/>
      <truststore file="./res/conf/truststore.jks" password="password" algorithm="IbmX509"/>
      </ssl>

      Thank you very much.

        Activity

        Hide
        Niklas Gustavsson added a comment -

        I've added a link from the SSL/TLS page to the full documentation on the configuration.

        Show
        Niklas Gustavsson added a comment - I've added a link from the SSL/TLS page to the full documentation on the configuration.
        Hide
        Gary Bell added a comment -

        Thanks Niklas, I didn't think to look under the listeners section of the docs - sorry. I just went straight to the TLS/SSL Support section since that is what I was after. Perhaps a link directing unfamiliar users to the listeners section for more configuration options might be helpful?

        In any case, I am happy to close this issue if you want.

        Show
        Gary Bell added a comment - Thanks Niklas, I didn't think to look under the listeners section of the docs - sorry. I just went straight to the TLS/SSL Support section since that is what I was after. Perhaps a link directing unfamiliar users to the listeners section for more configuration options might be helpful? In any case, I am happy to close this issue if you want.
        Hide
        Niklas Gustavsson added a comment -

        This does seem to be covered by the documentation:
        http://mina.apache.org/ftpserver/listeners.html

        Then look under "keystore element" and "truststore element". Or am I missing something?

        Show
        Niklas Gustavsson added a comment - This does seem to be covered by the documentation: http://mina.apache.org/ftpserver/listeners.html Then look under "keystore element" and "truststore element". Or am I missing something?

          People

          • Assignee:
            Niklas Gustavsson
            Reporter:
            Gary Bell
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development