On Fri, Feb 4, 2011 at 8:35 PM, Asela Pathberiya <as...@wso2.com> wrote:

>
>
> On Fri, Feb 4, 2011 at 7:00 PM, Thilina Buddhika <thili...@wso2.com> wrote:
>
>> Hi Devs,
>>
>> Currently we are setting wso2carbon.jks as the default trust-store in a
>> Carbon instance. This is set during the server startup inside the
>> CarbonServerManager class.
>>
>> IMO, it should be client-truststore.jks which should be set as the default
>> trust-store in Carbon while treating wso2carbon.jks only as the primary key
>> store. Usually users manage their primary key stores separately from the
>> trust store. But with the current implementation, they have to import some
>> of the certificates to the primary key store to get certain scenarios working.
>>
>
> +1. Then we are not going to ship the CA certificates with wso2carbon.jks?
>

Still we need to do this. If a user replaces the default wso2carbon
certificate with a CA signed certificate, he also needs to add the CA
certificate to complete the certificate chain. This step can be omitted in
most of the cases, if we can include the set of default CA certs shipped
with JDK in our key store.

Also on a side note, we should update our key stores with the CA certs
available in JDK 6 which is more up to date.

Thanks,
Thilina


>
> Thanks,
> Asela.
>
>
>>
>> Also for transports, we are using wso2carbon.jks as the key store while
>> using client-truststore.jks as the trust-store. So it will be more
>> consistent to use client-truststore.jks as the system wide trust store
>> instead of the wso2carbon.jks.
>>
>> To make this change, we have to add a new configuration element to the
>> carbon.xml similar to the existing key store configuration.
>>
>> Let us know your feedback on this.
>>
>> Thanks,
>> Thilina
>>
>> --
>> Thilina Buddhika
>> Senior Software Engineer
>> WSO2 Inc. ; http://wso2.com
>> lean . enterprise . middleware
>>
>> phone : +94 77 44 88 727
>> blog : http://blog.thilinamb.com
>>
>> _______________________________________________
>> Carbon-dev mailing list
>> Carbon-dev@wso2.org
>> http://mail.wso2.org/cgi-bin/mailman/listinfo/carbon-dev
>>
>>
>


-- 
Thilina Buddhika
Senior Software Engineer
WSO2 Inc. ; http://wso2.com
lean . enterprise . middleware

phone : +94 77 44 88 727
blog : http://blog.thilinamb.com