[JBoss JIRA] (TEIID-4080) Prevent expired client/server certificates from being accepted

Friday, 18 March 2016

    [
https://issues.jboss.org/browse/TEIID-4080?page=com.atlassian.jira.plugin...
] 

Steven Hawkins commented on TEIID-4080:
---------------------------------------

I don't think there is a good way to check the trust certificate validity dates.  For
now we'll just add an option to check if the server or client key has expired.

...
 Prevent expired client/server certificates from being accepted
 --------------------------------------------------------------

                 Key: TEIID-4080
                 URL: https://issues.jboss.org/browse/TEIID-4080
             Project: Teiid
          Issue Type: Enhancement
    Affects Versions: 8.12.5
            Reporter: Juraj Duráni
            Assignee: Steven Hawkins
         Attachments: keystore_client.jks, keystore_server_root_expired.jks,
truststore.jks, truststore_expired.jks

 If SSL is enabled (1-way or 2-way) server provides to the client certificate which must
be signed by valid certificate of trusted CA.
 If server provides certificate which is signed by certificate of root CA which already
expired client accepts this certificate. Client should not accept such certificate.
 This affects 1-way and 2-way authentication modes.
 On the client side, paths are set using teiid-specific properties:
 {code:java}
 System.setProperty("org.teiid.ssl.keyStore", clientKeystorePath);
 System.setProperty("org.teiid.ssl.keyStorePassword",
"keystorepswd");
 System.setProperty("org.teiid.ssl.keyAlias", "client");
 System.setProperty("org.teiid.ssl.keyPassword", "keystorepswd");
 System.setProperty("org.teiid.ssl.trustStore", clientTruststorePath);
 System.setProperty("org.teiid.ssl.trustStorePassword",
"truststorepswd");
 {code} 

--
This message was sent by Atlassian JIRA
(v6.4.11#64026)

2026

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009