[Amdatu-developers] [JIRA] (AMDATUOPENSOCIAL-132) Add SSL support for shindig

Wed, 11 Jan 2012 06:17:42 -0800 

    [ 
http://jira.amdatu.org/jira/browse/AMDATUOPENSOCIAL-132?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12043#comment-12043
 ] 

Marcel Offermans commented on AMDATUOPENSOCIAL-132:
---------------------------------------------------

I would approach this slightly differently. Directly changing your cacerts file 
in the JDK/JRE is a bad idea. Why not make a copy of that file, import your 
extra trusted certificate into that one, and use the system property: 
-Djavax.net.ssl.trustStore=whateveryounamedyourcopy to point the VM to your 
trust store.

This approach will probably still break down in a multi tenant environment, if 
you want to give each tenant their own trust store (and key store) but since 
neither Shindig nor our HTTP Service currently really support multi tenancy (in 
the sense that each tenant gets its own container) this won't be an issue 
straight away.
                
> Add SSL support for shindig
> ---------------------------
>
>                 Key: AMDATUOPENSOCIAL-132
>                 URL: http://jira.amdatu.org/jira/browse/AMDATUOPENSOCIAL-132
>             Project: Amdatu OpenSocial
>          Issue Type: Improvement
>          Components: Shindig
>    Affects Versions: 0.2.1
>            Reporter: Manuel Stampe
>         Attachments: error.txt
>
>
> I've enabled SSL support for Jetty as described in AMDATU-212.
> Though I've imported the in the keystore used certificate to my cacerts file 
> with following command:
>   keytool -import -alias manuel -file jetty.crt -keystore "c:\Program Files 
> (x86)\Java\jdk1.6.0_
>   25\jre\lib\security\cacerts"
> I get an "javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated" 
> error when the gadgets are to be retrieved.
> However the message  
>   WARNING: javax.net.ssl.SSLException: Received fatal alert: 
> certificate_unknown [org.apache.felix.http.jetty]
> could indicate that something with the (self-signed) keys is not configured 
> properly.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
http://jira.amdatu.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        
_______________________________________________
Amdatu-developers mailing list
[email protected]
http://lists.amdatu.org/mailman/listinfo/amdatu-developers

Reply via email to