[jboss-jira] [JBoss JIRA] (WFLY-3483) Improve the ability to use MS Windows keystore for the web servers ssl connector

Emmanuel Hugonnet (JIRA) issues at jboss.org
Wed Jun 18 12:11:24 EDT 2014 

     [ https://issues.jboss.org/browse/WFLY-3483?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Emmanuel Hugonnet resolved WFLY-3483.
-------------------------------------

    Fix Version/s: 8.1.0.Final
       Resolution: Done


By using the following configuration it worked nicely in WildFly 8.1 :
{quote}
<security-realm name="UndertowRealm">
                <server-identities>
                    <ssl>
                        <keystore alias="jbossas" keystore-password="jbossas" provider="Windows-MY" />
                    </ssl>
                </server-identities>
</security-realm>
{quote}

> Improve the ability to use MS Windows keystore for the web servers ssl connector
> --------------------------------------------------------------------------------
>
>                 Key: WFLY-3483
>                 URL: https://issues.jboss.org/browse/WFLY-3483
>             Project: WildFly
>          Issue Type: Enhancement
>      Security Level: Public(Everyone can see) 
>          Components: Security
>    Affects Versions: 8.1.0.Final
>            Reporter: Derek Horton
>            Assignee: Darran Lofthouse
>             Fix For: 8.1.0.Final
>
>
> It is possible to configure the web ssl connector to use the Windows certificate keystore (access provided by the SunMSCAPI provider).  However, the JSSESocketFactory checks for a keystore file.  This check should likely be skipped when the connector is configured to use the Windows keystore.
> Here is what the configuration looks like:
> {noformat}
> <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
> 				 <ssl name="https" 
> 					key-alias="jbossweb" 
> 					keystore-type="Windows-MY"
> 					protocol="TLSv1"
> 			</connector>
> {noformat}
> This results in an error like this:
> 13:54:01,821 ERROR [org.apache.coyote.http11] (MSC service thread 1-5) JBWEB003043: Error initializing endpoint: java.io.FileNotFoundException: C:\Users\imauser\.keystore (The system cannot find the file specified)
> You can work around this issue by creating this keystore (C:\Users\imauser\.keystore).
> More info on using the Windows keystores can be found here:
> http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#SunMSCAPI
> http://www.oracle.com/technetwork/articles/javase/security-137537.html



--
This message was sent by Atlassian JIRA
(v6.2.6#6264)

More information about the jboss-jira mailing list