[teiid-issues] [JBoss JIRA] (TEIID-4080) Prevent expired client/server certificates from being accepted

Steven Hawkins (JIRA) issues at jboss.org
Mon Mar 21 15:04:00 EDT 2016 

     [ https://issues.jboss.org/browse/TEIID-4080?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Steven Hawkins resolved TEIID-4080.
-----------------------------------
    Fix Version/s: 9.0
                   8.12.5
       Resolution: Done


Added the client property org.teiid.ssl.checkExpired and the transport property truststore-check-expired to look for valid certificate dates.  Both default to false for backwards compatibility.

> Prevent expired client/server certificates from being accepted
> --------------------------------------------------------------
>
>                 Key: TEIID-4080
>                 URL: https://issues.jboss.org/browse/TEIID-4080
>             Project: Teiid
>          Issue Type: Enhancement
>          Components: Server
>    Affects Versions: 8.12.5
>            Reporter: Juraj Duráni
>            Assignee: Steven Hawkins
>             Fix For: 9.0, 8.12.5
>
>         Attachments: keystore_client.jks, keystore_server_root_expired.jks, truststore.jks, truststore_expired.jks
>
>
> If SSL is enabled (1-way or 2-way) server provides to the client certificate which must be signed by valid certificate of trusted CA.
> If server provides certificate which is signed by certificate of root CA which already expired client accepts this certificate. Client should not accept such certificate.
> This affects 1-way and 2-way authentication modes.
> On the client side, paths are set using teiid-specific properties:
> {code:java}
> System.setProperty("org.teiid.ssl.keyStore", clientKeystorePath);
> System.setProperty("org.teiid.ssl.keyStorePassword", "keystorepswd");
> System.setProperty("org.teiid.ssl.keyAlias", "client");
> System.setProperty("org.teiid.ssl.keyPassword", "keystorepswd");
> System.setProperty("org.teiid.ssl.trustStore", clientTruststorePath);
> System.setProperty("org.teiid.ssl.trustStorePassword", "truststorepswd");
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

More information about the teiid-issues mailing list