  1. WildFly
  2. WFLY-3483

Improve the ability to use MS Windows keystore for the web servers ssl connector


Details

    • Enhancement
    • Resolution: Done
    • Major
    • 8.1.0.Final
    • 8.1.0.Final
    • Security
    • None

    Description

      It is possible to configure the web ssl connector to use the Windows certificate keystore (access provided by the SunMSCAPI provider). However, the JSSESocketFactory checks for a keystore file. This check should likely be skipped when the connector is configured to use the Windows keystore.

      Here is what the configuration looks like:

      <connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
          <ssl name="https"
               key-alias="jbossweb"
               keystore-type="Windows-MY"
               protocol="TLSv1" />
      </connector>
      

      This results in an error like this:
      13:54:01,821 ERROR [org.apache.coyote.http11] (MSC service thread 1-5) JBWEB003043: Error initializing endpoint: java.io.FileNotFoundException: C:\Users\imauser\.keystore (The system cannot find the file specified)

      You can work around this issue by creating this keystore (C:\Users\imauser\.keystore).

      More info on using the Windows keystores can be found here:
      http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#SunMSCAPI
      http://www.oracle.com/technetwork/articles/javase/security-137537.html
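
      The behaviour requested above, sketched as an added example (not the JSSESocketFactory code and not the change made for this issue): a loader that skips the file lookup when the store type is provided by SunMSCAPI. The class and method names are hypothetical; the alias, store type and protocol are taken from the connector configuration in the description.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Arrays;
import java.util.List;
import java.util.Locale;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

// Added illustration with hypothetical names; not WildFly or JBoss Web source.
public class WindowsKeyStoreExample {
    // Store types served by the SunMSCAPI provider; neither has a backing file.
    private static final List<String> FILELESS_TYPES = Arrays.asList("WINDOWS-MY", "WINDOWS-ROOT");

    static boolean isFileless(String type) {
        return type != null && FILELESS_TYPES.contains(type.toUpperCase(Locale.ROOT));
    }

    static KeyStore loadKeyStore(String type, String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        if (isFileless(type)) {
            ks.load(null, null); // provider reads the Windows certificate store directly
        } else {
            try (InputStream in = new FileInputStream(path)) {
                ks.load(in, password); // file-based types (JKS, PKCS12) still need a file
            }
        }
        return ks;
    }

    static SSLContext buildContext(String type, String path, char[] password,
                                   String alias, String protocol) throws Exception {
        KeyStore ks = loadKeyStore(type, path, password);
        if (!ks.isKeyEntry(alias)) { // fail early if the alias has no private key
            throw new IllegalStateException("No private key entry for alias " + alias);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        SSLContext ctx = SSLContext.getInstance(protocol);
        ctx.init(kmf.getKeyManagers(), null, null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Runs only on Windows, where SunMSCAPI is available; no keystore file is involved.
        SSLContext ctx = buildContext("Windows-MY", null, null, "jbossweb", "TLSv1");
        System.out.println("SSLContext ready: " + ctx.getProtocol());
    }
}
```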

          People

            darran.lofthouse@redhat.com Darran Lofthouse
            rhn-support-dehort Derek Horton