Adding rajas and connector team members On Thu, Jan 18, 2018 at 5:58 PM, Indunil Upeksha Rathnayake < indu...@wso2.com> wrote:
> Hi, > > As per the documentation in [1], the certificate of CA, which issued the > client certificate, should be added into the JVM trust store. Please find > the following concerns regarding this. > > - We should add the CA certificate which issued the client > certificate, as a certificate authority in the browser. So that will be > added to the root certificate store in browser. > > The CA certificates in root certificate store, will determine which > endpoints we will be allowed to communicate with, in this case it will > allow the client to connect to whichever server presents a certificate > which was signed by one of the certificate authorities. > > - During the mutual SSL with X509 authenticator, there is no need to > consider JVM trust store in client side, since this is a direct call from > browser to the server. > > > - During the mutual SSL with X509 authenticator, there is no need to > consider JVM trust store in server side, since in server side, we have a > configured trust store. JVM trsust store is needed, if only the server > configured trust store is not loaded into the SSLContext. > > > So that, AFAIU, it is not needed to add CA certificate into JVM trust > store either in client or server side. WDYT? > > Appreciate your ideas on this. > > [1] https://docs.wso2.com/display/ISCONNECTORS/Configuring+ > X509Certificate+Authenticator#ConfiguringX509CertificateAuthenticator- > Workingwithcertificates > > Thanks and Regards > -- > Indunil Upeksha Rathnayake > Software Engineer | WSO2 Inc > Email indu...@wso2.com > Mobile 0772182255 > -- Indunil Upeksha Rathnayake Software Engineer | WSO2 Inc Email indu...@wso2.com Mobile 0772182255
_______________________________________________ Dev mailing list Dev@wso2.org http://wso2.org/cgi-bin/mailman/listinfo/dev
