  1. Infinispan
  2. ISPN-12726

Server should support a truststore for client cert validation


Details

    • Enhancement
    • Resolution: Done
    • Major
    • 12.1.0.CR1
    • 12.0.0.Final
    • Security, Server
    • None

    Description

      While it is possible to authenticate clients using a certificate, this requires a trust store realm which means adding all possible client certificates to the trust store. Simple validation (not authentication) of certificates based on their trust chain is currently not supported.

      We should enhance the SSL server identity to support a truststore without requiring a trust realm.

      <security-realm name="default">
         <server-identities>
            <ssl>
               <keystore path="server.pfx" keystore-password="secret" alias="server"/>
               <truststore path="ca.pfx" password="secret"/>
            </ssl>
         </server-identities>
      </security-realm>
      

      If a truststore is present, a client certificate will be required on incoming connections.
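As an added illustration (not Infinispan's server code and not part of the original issue), this is what the requested behaviour looks like at the plain JSSE level: a truststore that holds only the issuing CA validates any client certificate chained to it, and its presence switches the listener to require client certificates. The file names and password are taken from the snippet above; the class name `TrustChainServer` and the port are assumptions.

```java
import javax.net.ssl.*;
import java.io.InputStream;
import java.nio.file.*;
import java.security.KeyStore;

public class TrustChainServer {
    // Load a PKCS#12 store (server identity or CA truststore) from disk.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, password);
        }
        return ks;
    }

    // Build the TLS context; truststore may be null when none is configured.
    static SSLContext context(String keystore, String truststore, char[] pw) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keystore, pw), pw);
        TrustManager[] tms = null; // null: JVM defaults, no client validation configured here
        if (truststore != null) {
            // Only the CA certificate(s) live here, not every individual client certificate.
            TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
            tmf.init(load(truststore, pw));
            tms = tmf.getTrustManagers();
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tms, null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "secret".toCharArray();
        String truststore = Files.exists(Paths.get("ca.pfx")) ? "ca.pfx" : null;
        SSLContext ctx = context("server.pfx", truststore, pw);
        int port = 11222; // assumption: any free port works for the demonstration
        try (SSLServerSocket server = (SSLServerSocket) ctx.getServerSocketFactory().createServerSocket(port)) {
            // Truststore present => a client certificate is mandatory.
            server.setNeedClientAuth(truststore != null);
            try (SSLSocket peer = (SSLSocket) server.accept()) {
                // Fails with SSLHandshakeException if the client chain does not reach a CA in ca.pfx.
                peer.startHandshake();
                if (truststore != null) {
                    System.out.println("validated client: " + peer.getSession().getPeerPrincipal());
                }
            }
        }
    }
}
```

Chain validation alone only proves that the certificate was issued by a trusted CA; mapping the certificate subject to a user and roles remains the job of an authentication realm.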

          People

            ttarrant@redhat.com Tristan Tarrant