[ http://issues.apache.org/jira/browse/GERONIMO-911?page=comments#action_12443609 ] Paul McMahan commented on GERONIMO-911: ---------------------------------------
IANASE. But I agree with Aaron's comment that the warning message about self-signed cert would not make a good first impression. The only way that I know of to avoid the message would be for Geronimo to use a certificate that has been signed by a trusted root ca like verisign or thawte. I notice that https://svn.apache.org uses a cert signed by Starfield and that one does not produce a browser warning. I wonder if ASF might be able to provide its projects with certificates signed by a trusted CA? Even if so I am doubtful it would be appropriate to redistribute that cert in a server assembly. > Admin Console should require SSL > -------------------------------- > > Key: GERONIMO-911 > URL: http://issues.apache.org/jira/browse/GERONIMO-911 > Project: Geronimo > Issue Type: Improvement > Security Level: public(Regular issues) > Components: console > Affects Versions: 1.0-M5 > Environment: all > Reporter: Donald Woods > Assigned To: Donald Woods > Priority: Trivial > Fix For: 1.x > > Attachments: Geronimo-911.patch > > > Admin Console login and Portlet access should require SSL to protect the > system password and any connector/DB/LDAP configured passwords in the > Portlets. > I'm willing to create and post a patch for this, once I get a couple other > items off my plate... -Donald -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira
