[teiid-issues] [JBoss JIRA] (TEIID-4080) Prevent expired client/server certificates from being accepted
Steven Hawkins (JIRA)
issues at jboss.org
Thu Mar 17 09:31:00 EDT 2016
[ https://issues.jboss.org/browse/TEIID-4080?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Steven Hawkins updated TEIID-4080:
----------------------------------
Summary: Prevent expired client/server certificates from being accepted (was: SSL - client accepts server's certificate even if server's root CA is expired)
> Prevent expired client/server certificates from being accepted
> --------------------------------------------------------------
>
> Key: TEIID-4080
> URL: https://issues.jboss.org/browse/TEIID-4080
> Project: Teiid
> Issue Type: Enhancement
> Affects Versions: 8.12.5
> Reporter: Juraj Duráni
> Assignee: Steven Hawkins
> Attachments: keystore_client.jks, keystore_server_root_expired.jks, truststore.jks, truststore_expired.jks
>
>
> If SSL is enabled (1-way or 2-way) server provides to the client certificate which must be signed by valid certificate of trusted CA.
> If server provides certificate which is signed by certificate of root CA which already expired client accepts this certificate. Client should not accept such certificate.
> This affects 1-way and 2-way authentication modes.
> On the client side, paths are set using teiid-specific properties:
> {code:java}
> System.setProperty("org.teiid.ssl.keyStore", clientKeystorePath);
> System.setProperty("org.teiid.ssl.keyStorePassword", "keystorepswd");
> System.setProperty("org.teiid.ssl.keyAlias", "client");
> System.setProperty("org.teiid.ssl.keyPassword", "keystorepswd");
> System.setProperty("org.teiid.ssl.trustStore", clientTruststorePath);
> System.setProperty("org.teiid.ssl.trustStorePassword", "truststorepswd");
> {code}
--
This message was sent by Atlassian JIRA
(v6.4.11#64026)
More information about the teiid-issues
mailing list