]
RH Bugzilla Integration updated TEIID-4080:
-------------------------------------------
Bugzilla References:
Prevent expired client/server certificates from being accepted
--------------------------------------------------------------
Key: TEIID-4080
URL:
https://issues.jboss.org/browse/TEIID-4080
Project: Teiid
Issue Type: Enhancement
Components: Server
Affects Versions: 8.12.5
Reporter: Juraj DurĂ¡ni
Assignee: Steven Hawkins
Fix For: 9.0, 8.12.5
Attachments: keystore_client.jks, keystore_server_root_expired.jks,
truststore.jks, truststore_expired.jks
If SSL is enabled (1-way or 2-way) server provides to the client certificate which must
be signed by valid certificate of trusted CA.
If server provides certificate which is signed by certificate of root CA which already
expired client accepts this certificate. Client should not accept such certificate.
This affects 1-way and 2-way authentication modes.
On the client side, paths are set using teiid-specific properties:
{code:java}
System.setProperty("org.teiid.ssl.keyStore", clientKeystorePath);
System.setProperty("org.teiid.ssl.keyStorePassword",
"keystorepswd");
System.setProperty("org.teiid.ssl.keyAlias", "client");
System.setProperty("org.teiid.ssl.keyPassword", "keystorepswd");
System.setProperty("org.teiid.ssl.trustStore", clientTruststorePath);
System.setProperty("org.teiid.ssl.trustStorePassword",
"truststorepswd");
{code}