]
RH Bugzilla Integration commented on TEIID-4080:
------------------------------------------------
Juraj Duráni <jdurani(a)redhat.com> changed the Status of [bug
Prevent expired client/server certificates from being accepted
--------------------------------------------------------------
Key: TEIID-4080
URL:
https://issues.jboss.org/browse/TEIID-4080
Project: Teiid
Issue Type: Enhancement
Components: Server
Affects Versions: 8.12.5
Reporter: Juraj Duráni
Assignee: Steven Hawkins
Fix For: 9.0, 8.12.5
Attachments: keystore_client.jks, keystore_server_root_expired.jks,
truststore.jks, truststore_expired.jks
If SSL is enabled (1-way or 2-way) server provides to the client certificate which must
be signed by valid certificate of trusted CA.
If server provides certificate which is signed by certificate of root CA which already
expired client accepts this certificate. Client should not accept such certificate.
This affects 1-way and 2-way authentication modes.
On the client side, paths are set using teiid-specific properties:
{code:java}
System.setProperty("org.teiid.ssl.keyStore", clientKeystorePath);
System.setProperty("org.teiid.ssl.keyStorePassword",
"keystorepswd");
System.setProperty("org.teiid.ssl.keyAlias", "client");
System.setProperty("org.teiid.ssl.keyPassword", "keystorepswd");
System.setProperty("org.teiid.ssl.trustStore", clientTruststorePath);
System.setProperty("org.teiid.ssl.trustStorePassword",
"truststorepswd");
{code}