[
https://issues.apache.org/jira/browse/SLIDER-802?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jonathan Maron updated SLIDER-802:
----------------------------------
Description:
For applications that take advantage of the certificate store generation
feature, there may be a need for the client's to obtain truststores and,
optionally, keystores to successfully communicate via SSL to the server-side
application components.
One possible approach is a CLI option:
slider ssl-support --keystore <path for generated file> --subj <DN for client>
Some key points:
1) Could use the localhost from where the client is invoked to create the
subject DN (CN=<localhost name>) if no subject is specified
2) For clients to access these stores they will need access to store
passwords. I believe it's be most appropriate to leverage the Credential
Provider facility.
was:
For applications that take advantage of the certificate store generation
feature, there may be a need for the client's to obtain truststores and,
optionally, keystores to successfully communicate via SSL to the server-side
application components.
One possible approach is a CLI option:
slider ssl-support --keystore <path for generated file> --subj <DN for client>
Some key points:
1) Could use the localhost from where the client is invoked to create the
subject DN (CN=<localhost name>) if no subject is specified
2) For client's to access these stores they will need access to store
passwords. I believe it's be most appropriate to leverage the Credential
Provider facility.
> Need mechanism for client truststore and keystore retrieval
> -----------------------------------------------------------
>
> Key: SLIDER-802
> URL: https://issues.apache.org/jira/browse/SLIDER-802
> Project: Slider
> Issue Type: Bug
> Components: client, security
> Reporter: Jonathan Maron
> Assignee: Jonathan Maron
>
> For applications that take advantage of the certificate store generation
> feature, there may be a need for the client's to obtain truststores and,
> optionally, keystores to successfully communicate via SSL to the server-side
> application components.
> One possible approach is a CLI option:
> slider ssl-support --keystore <path for generated file> --subj <DN for client>
> Some key points:
> 1) Could use the localhost from where the client is invoked to create the
> subject DN (CN=<localhost name>) if no subject is specified
> 2) For clients to access these stores they will need access to store
> passwords. I believe it's be most appropriate to leverage the Credential
> Provider facility.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
