Uploaded image for project: 'Teiid'
  1. Teiid
  2. TEIID-4080

Prevent expired client/server certificates from being accepted

XMLWordPrintable

    • Icon: Enhancement Enhancement
    • Resolution: Done
    • Icon: Major Major
    • 9.0, 8.12.5, 8.7.13.6_2
    • 8.12.5
    • Server
    • None

      If SSL is enabled (1-way or 2-way) server provides to the client certificate which must be signed by valid certificate of trusted CA.
      If server provides certificate which is signed by certificate of root CA which already expired client accepts this certificate. Client should not accept such certificate.

      This affects 1-way and 2-way authentication modes.

      On the client side, paths are set using teiid-specific properties:

      System.setProperty("org.teiid.ssl.keyStore", clientKeystorePath);
System.setProperty("org.teiid.ssl.keyStorePassword", "keystorepswd");
System.setProperty("org.teiid.ssl.keyAlias", "client");
System.setProperty("org.teiid.ssl.keyPassword", "keystorepswd");
System.setProperty("org.teiid.ssl.trustStore", clientTruststorePath);
System.setProperty("org.teiid.ssl.trustStorePassword", "truststorepswd");

        1. keystore_client.jks
          4 kB
        2. keystore_server_root_expired.jks
          4 kB
        3. truststore_expired.jks
          0.9 kB
        4. truststore.jks
          0.9 kB

              rhn-engineering-shawkins Steven Hawkins
              jdurani Juraj Duráni (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: