Wolf-Dieter Fink created ISPN-12737:
---------------------------------------
Summary: Server should support a truststore for client cert validation
Key: ISPN-12737
URL:
https://issues.redhat.com/browse/ISPN-12737
Project: Infinispan
Issue Type: Enhancement
Components: Security, Server
Affects Versions: 12.0.0.Final
Reporter: Wolf-Dieter Fink
Assignee: Tristan Tarrant
Fix For: 12.1.0.Final
While it is possible to authenticate clients using a certificate, this requires a trust
store realm which means adding all possible client certificates to the trust store. Simple
validation (not authentication) of certificates based on their trust chain is currently
not supported.
We should enhance the SSL server identity to support a truststore without requiring a
trust realm.
{code:xml}
<security-realm name="default">
<server-identities>
<ssl>
<keystore path="server.pfx"
keystore-password="secret" alias="server"/>
<truststore path="ca.pfx" password="secret"/>
</ssl>
</server-identities>
</security-realm>
{code}
If a truststore is present, client cert will be required on incoming connections.
--
This message was sent by Atlassian Jira
(v8.13.1#813001)