JiriOndrusek commented on issue #5967:
URL: https://github.com/apache/camel-quarkus/issues/5967#issuecomment-2104775691

   > Indeed https://github.com/cescoffier/certificate-generator would be great to replace them all. I did not know it existed, thanks for the pointer. IIRC, we were forced to use openssl for writing PKCS12 stores, because Java's `java.security.KeyStore` did not support some sort of store encoding required by FIPS. Looking at https://github.com/cescoffier/certificate-generator/blob/main/certificate-generator/src/main/java/me/escoffier/certs/CertificateUtils.java#L200-L270 it seems that it is using `java.security.KeyStore` for writing the stores. But you mentioned recently @JiriOndrusek that JKS works on FIPS too? I wonder whether we need to try to fix certificate-generator's PKCS12 impl to comply with FIPS?
   
   With one of the recent Java updates (I'm not sure which concrete build it was), certificates generated by the Java keystore work in a FIPS environment. (I noticed it several weeks ago.) Therefore the certificate-generator project should cover all our needs.
   
   I'm currently trying to solve FIPS for Kafka tests and I'm using the certificate-generator, which seems to be easily usable. Once I'm sure that all works, I'll ping you on the PR to discuss whether we want to use such an approach on the whole project.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
