Loading...

XML

Word

Printable

Details

Type: Enhancement
Resolution: Done
Priority: Major
Fix Version/s: 9.0, 8.12.5, 8.7.13.6_2
Affects Version/s: 8.12.5
Component/s: Server
Labels:
None

Bugzilla References:
https://bugzilla.redhat.com/show_bug.cgi?id=1318154, https://bugzilla.redhat.com/show_bug.cgi?id=1481709

Description

If SSL is enabled (1-way or 2-way) server provides to the client certificate which must be signed by valid certificate of trusted CA.
If server provides certificate which is signed by certificate of root CA which already expired client accepts this certificate. Client should not accept such certificate.

This affects 1-way and 2-way authentication modes.

On the client side, paths are set using teiid-specific properties:

System.setProperty("org.teiid.ssl.keyStore", clientKeystorePath);
System.setProperty("org.teiid.ssl.keyStorePassword", "keystorepswd");
System.setProperty("org.teiid.ssl.keyAlias", "client");
System.setProperty("org.teiid.ssl.keyPassword", "keystorepswd");
System.setProperty("org.teiid.ssl.trustStore", clientTruststorePath);
System.setProperty("org.teiid.ssl.trustStorePassword", "truststorepswd");

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

keystore_client.jks
4 kB
2016/03/16 3:50 AM
keystore_server_root_expired.jks
4 kB
2016/03/16 3:50 AM
truststore_expired.jks
0.9 kB
2016/03/16 3:50 AM
truststore.jks
0.9 kB
2016/03/16 3:50 AM

Activity

People

Assignee:: Steven Hawkins

Reporter:: Juraj Duráni (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 2016/03/16 3:51 AM

Updated:: 2021/10/24 6:56 AM

Resolved:: 2016/03/21 3:03 PM