[jboss-dev-forums] [JBoss AS 7 Development] - Re: Remoting-connector with SSL
Darran Lofthouse
do-not-reply at jboss.com
Wed May 30 06:32:40 EDT 2012
Darran Lofthouse [https://community.jboss.org/people/dlofthouse] created the discussion
"Re: Remoting-connector with SSL"
To view the discussion, visit: https://community.jboss.org/message/738738#738738
--------------------------------------------------------------
No you do need the truststore on the client side to be able to verify the certificate although you should be able to use the following properties on the client without affecting the JVM installation: -
> -Djavax.net.ssl.trustStore=client.truststore -Djavax.net.ssl.trustStorePassword=truststore_password
The issue is that if the client is inadvertantly forwarded to connect to a different address a man in the middle type attack with a fake private key is fairly simple with that intermediarry now having full access to the data being exchanged.
--------------------------------------------------------------
Reply to this message by going to Community
[https://community.jboss.org/message/738738#738738]
Start a new discussion in JBoss AS 7 Development at Community
[https://community.jboss.org/choose-container!input.jspa?contentType=1&containerType=14&container=2225]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.jboss.org/pipermail/jboss-dev-forums/attachments/20120530/c7070d67/attachment.html
More information about the jboss-dev-forums
mailing list