Steven Hawkins resolved TEIID-4080.
-----------------------------------
Fix Version/s: 9.0, 8.12.5
Resolution: Done
Added the client property org.teiid.ssl.checkExpired and the transport property
truststore-check-expired to look for valid certificate dates. Both default to false for
backwards compatibility.
Prevent expired client/server certificates from being accepted
--------------------------------------------------------------
Key: TEIID-4080
URL: https://issues.jboss.org/browse/TEIID-4080
Project: Teiid
Issue Type: Enhancement
Components: Server
Affects Versions: 8.12.5
Reporter: Juraj Duráni
Assignee: Steven Hawkins
Fix For: 9.0, 8.12.5
Attachments: keystore_client.jks, keystore_server_root_expired.jks,
truststore.jks, truststore_expired.jks
If SSL is enabled (1-way or 2-way), the server provides the client with a certificate which must
be signed by a valid certificate of a trusted CA.
If the server provides a certificate which is signed by a root CA certificate that has already
expired, the client accepts this certificate. The client should not accept such a certificate.
This affects 1-way and 2-way authentication modes.
On the client side, paths are set using Teiid-specific properties:
{code:java}
System.setProperty("org.teiid.ssl.keyStore", clientKeystorePath);
System.setProperty("org.teiid.ssl.keyStorePassword", "keystorepswd");
System.setProperty("org.teiid.ssl.keyAlias", "client");
System.setProperty("org.teiid.ssl.keyPassword", "keystorepswd");
System.setProperty("org.teiid.ssl.trustStore", clientTruststorePath);
System.setProperty("org.teiid.ssl.trustStorePassword", "truststorepswd");
{code}
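
One way to enforce the date check this issue asks for, as an added Java example that is not Teiid's implementation: a wrapper around an existing `X509TrustManager` that also checks validity dates on the presented chain and on the trust store issuer that signed it. The class name `ExpiryCheckingTrustManager` and the helper `checkDates` are hypothetical.

```java
import java.security.GeneralSecurityException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.net.ssl.X509TrustManager;

// Added example, not Teiid source: delegate normal validation, then enforce validity dates.
public final class ExpiryCheckingTrustManager implements X509TrustManager {
    private final X509TrustManager delegate;

    public ExpiryCheckingTrustManager(X509TrustManager delegate) { this.delegate = delegate; }

    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        delegate.checkServerTrusted(chain, authType); // normal path validation first
        checkDates(chain);
    }

    @Override
    public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        delegate.checkClientTrusted(chain, authType); // covers the 2-way mode
        checkDates(chain);
    }

    @Override
    public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }

    private void checkDates(X509Certificate[] chain) throws CertificateException {
        for (X509Certificate cert : chain) {
            cert.checkValidity(); // throws if expired or not yet valid
        }
        // The peer may omit the root, so also check the trust store entry that signed the chain.
        X509Certificate last = chain[chain.length - 1];
        boolean matched = false;
        for (X509Certificate anchor : delegate.getAcceptedIssuers()) {
            if (!anchor.getSubjectX500Principal().equals(last.getIssuerX500Principal())) continue;
            try {
                last.verify(anchor.getPublicKey());
                matched = true;
                anchor.checkValidity();
                return; // a currently valid issuer signed the chain
            } catch (GeneralSecurityException e) {
                // wrong key or out-of-date issuer: keep looking for another match
            }
        }
        if (matched) {
            throw new CertificateException("Issuer in trust store is outside its validity period: " + last.getIssuerX500Principal());
        }
    }
}
```

The delegate can be taken from a `TrustManagerFactory` initialised with the trust store, and the wrapper passed to `SSLContext.init`.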