[GERONIMO-2015] Let's replace JKS to PKCS12 key store type - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Won't Fix
Affects Version/s: None
Fix Version/s: Wish List
Component/s: security
Security Level: public (Regular issues)
Labels:
None

Patch Info:

Patch Available

Description

Hello

Let's replace JKS to PKCS12 key store type; because PKCS12 is widely used key store and Geronimo may not work on non-Sun VMs.

To fix this problem I have created the patch for Geronimo sources.
In brief the patch (attached) replaces JKS to PKCS12 key store type in configurations files.
PKCS12 format of key store file is not java-specific and can be created and read by other programs, e.g. Internet Explorer. In addition PKCS12 exists in Bouncy Castle (http://www.bouncycastle.org) security provider, while JKS is Sun specific key store and does not exist in Bouncy Castle.
Also it is needed to replace JKS to PKCS12 keystore file (attached) to assemblies/j2ee-tomcat-server/src/var/security, assemblies/j2ee-installer/src/var/security, assemblies/j2ee-jetty-server/src/var/security directories. Key store file was generating using JKSToPKCS12 class (attached). This class transfers key and certificate of Geronimo from JKS to PKCS12.

After I apply this patch to Geronimo 1.0 sources and build Geronimo I can login to Geronimo console over https.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

keystore
12/May/06 21:58
2 kB
Nikolay Chugunov
JKSToPKCS12.java
12/May/06 21:59
1 kB
Nikolay Chugunov
jksToPKCS12.patch
12/May/06 22:03
4 kB
Nikolay Chugunov
jksToPKCS12-1.1.1.patch
13/Oct/06 14:57
5 kB
Nellya Udovichenko

Issue Links

relates to

GERONIMO-3757 KeyStore type can't be changed

Closed

Activity

People

Assignee:: Alexey Petrenko

Reporter:: Nikolay Chugunov

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 12/May/06 21:54

Updated:: 17/Jan/08 22:13

Resolved:: 17/Jan/08 22:13