[ http://issues.apache.org/jira/browse/GERONIMO-2413?page=comments#action_12442928 ] Vamsavardhana Reddy commented on GERONIMO-2413: -----------------------------------------------
Here is a scenario I have tested. Step 1. Setup CA by entering CA Name details etc. Step 2. Generate a CSR from geronimo-default keystore and process the server certificate request using "Issue New Certificate" link in CA portlet. Step 3. Import CA's certificate as trusted and the CA reply. Step 4. Setup an HTTPS Connector configured for client authentication. Step 5. Start the CA Helper application from "Web App WARs" portlet In a second browser window, Step 6. Access the CA Helper Application at http://localhost:8080/CAHelper through a web browser that supports KEYGEN tag. Internet Explorer does not support KEYGEN tag. Step 7. Submit a Certificate Request through web brower using "Request Certificate" link. Upon submission the request shows up in "Requests to be verified" page in CA portlet. NOTE: Make a note of the request id as it will be required to download the cerfiticate issued by the CA. In CA portlet, Step 8. Approve the request through CA portllet using "Requests to be verified" link. Approved requests showup in "Requests to be fulfilled" page. Step 9. Process the request from "Requests to be fulfilled" page and issue certificate. In the CA Helper window, Step 10. Import CA's certificate into web browser suing "Download CA certificate" link. Step 11. Install personal certificate using the "Download Certificate" link and request id from Step 7 above. Step 12. Access the verify certificate link to verify that the certificate is downloaded and installed. Summary of the scenario: CA is setup; a certificate request is submitted through web browser and issued certificate is downloaded into the web browser. > Add a Certification Authority (CA) portlet to Geronimo console > -------------------------------------------------------------- > > Key: GERONIMO-2413 > URL: http://issues.apache.org/jira/browse/GERONIMO-2413 > Project: Geronimo > Issue Type: New Feature > Security Level: public(Regular issues) > Components: console, security > Reporter: Vamsavardhana Reddy > Fix For: 1.2, 1.x > > Attachments: 02.ca-initialization-enter-details.JPG, > 07.issue-certificate-show-csr-details.JPG, > 09.issue-certificate-successful.JPG, GERONIMO-2413-revised.patch, > GERONIMO-2413-v1.2.patch, GERONIMO-2413.patch, GeronimoCA.zip > > > A Certification Authority portlet will be very useful. A full fledged CA may > be a long way to go. But what ever minimum function is required to process > CSR's etc. is not hard and the users can issue their own digital certificates > instead of getting trial certificates from some CA. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
