07, 2015 1:46 PM
To: users@cxf.apache.org; cohei...@apache.org
Subject: Re: Using a custom CertPathChecker
As far as I know you can't do private keys with PKCS7 format. Try the
PKCS12 format.
Vishnu
On 2015-04-07, 13:35, "stephen.ctr.chapp...@faa.gov"
wrote:
>So here is whe
ribed in
>the original email, so I guess I will stick with that solution.
>
>Stephen W. Chappell
>
>-Original Message-
>From: Chappell, Stephen CTR (FAA)
>Sent: Tuesday, April 07, 2015 12:22 PM
>To: users@cxf.apache.org; cohei...@apache.org
>Subject: RE: Using a cu
xf.apache.org; cohei...@apache.org
Subject: RE: Using a custom CertPathChecker
I thought I needed PKCS7, not PKCS12?
Stephen W. Chappell
-Original Message-
From: Vishnu Radhakrishnan [mailto:vis...@10point1.com]
Sent: Tuesday, April 07, 2015 11:01 AM
To: users@cxf.apache.org; cohei...@apache.org
I thought I needed PKCS7, not PKCS12?
Stephen W. Chappell
-Original Message-
From: Vishnu Radhakrishnan [mailto:vis...@10point1.com]
Sent: Tuesday, April 07, 2015 11:01 AM
To: users@cxf.apache.org; cohei...@apache.org
Subject: Re: Using a custom CertPathChecker
keytool -list -storetype
ool in the right order,
>>that keytool would establish a cert chain. Instead it just adds them as
>>individual certificates with no cert chain to be found.
>>
>>Stephen W. Chappell
>>
>>-Original Message-
>>From: Chappell, Stephen CTR (FAA)
>>Sent
shnu Radhakrishnan [mailto:vis...@10point1.com]
Sent: Tuesday, April 07, 2015 10:28 AM
To: users@cxf.apache.org; cohei...@apache.org
Subject: Re: Using a custom CertPathChecker
From the keytool man - it imports certificate chain, if input is given in
PKCS#7 format, otherwise only the single certific
1 instead of 3. That's when I posted the question.
Stephen W. Chappell
-Original Message-
From: Vishnu Radhakrishnan [mailto:vis...@10point1.com]
Sent: Tuesday, April 07, 2015 10:28 AM
To: users@cxf.apache.org; cohei...@apache.org
Subject: Re: Using a custom CertPathChecker
>Fr
gt;
>Stephen W. Chappell
>
>-Original Message-
>From: Chappell, Stephen CTR (FAA)
>Sent: Tuesday, April 07, 2015 8:21 AM
>To: cohei...@apache.org
>Cc: users@cxf.apache.org
>Subject: RE: Using a custom CertPathChecker
>
>Well, that must be the issue. I just ran
en CTR (FAA)
Sent: Tuesday, April 07, 2015 8:21 AM
To: cohei...@apache.org
Cc: users@cxf.apache.org
Subject: RE: Using a custom CertPathChecker
Well, that must be the issue. I just ran it through the debugger, and
getCertificateChain is returning null each time. I’ve added code in my
subclassed
W. Chappell
From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
Sent: Tuesday, April 07, 2015 8:12 AM
To: Chappell, Stephen CTR (FAA)
Cc: users@cxf.apache.org
Subject: Re: Using a custom CertPathChecker
Ok cool. Just bear in mind that WSS4J won't wire up the trust chain using
individual
;
>
> *From:* Colm O hEigeartaigh [mailto:cohei...@apache.org]
> *Sent:* Tuesday, April 07, 2015 7:59 AM
> *To:* Chappell, Stephen CTR (FAA)
> *Cc:* users@cxf.apache.org
> *Subject:* Re: Using a custom CertPathChecker
>
>
>
> "getX509Certificates" calls "getCer
...@apache.org]
Sent: Tuesday, April 07, 2015 7:59 AM
To: Chappell, Stephen CTR (FAA)
Cc: users@cxf.apache.org
Subject: Re: Using a custom CertPathChecker
"getX509Certificates" calls "getCertificates" which (first) calls
"getCertificateChain" on the keystore. Your i
27;s also an open question (or rather, open disagreement) about
> revocation checking the Root CA cert, but this list is probably not the
> right place for that discussion.
>
> Stephen W. Chappell
>
> -Original Message-
> From: Chappell, Stephen CTR (FAA)
> Sent: Fri
t; Thanx,
> Stephen W. Chappell
>
> -Original Message-
> From: Colm O hEigeartaigh [mailto:cohei...@apache.org]
> Sent: Friday, April 03, 2015 9:47 AM
> To: users@cxf.apache.org
> Subject: Re: Using a custom CertPathChecker
>
> Hi Stephen,
>
> There is no way to
ion.
Stephen W. Chappell
-Original Message-
From: Chappell, Stephen CTR (FAA)
Sent: Friday, April 03, 2015 9:56 AM
To: users@cxf.apache.org; cohei...@apache.org
Subject: RE: Using a custom CertPathChecker
Colm -
No, I don't have any better suggestions. In fact, subclassing Merlin and
il 03, 2015 9:47 AM
To: users@cxf.apache.org
Subject: Re: Using a custom CertPathChecker
Hi Stephen,
There is no way to add CertPathCheckers at the moment, beyond subclassing
Merlin and overriding the "verifyTrust" method. I could add a method to
customize the PKIXParameters object though
Hi Stephen,
There is no way to add CertPathCheckers at the moment, beyond subclassing
Merlin and overriding the "verifyTrust" method. I could add a method to
customize the PKIXParameters object though, that could be overridden by a
subclass though which would be better. Or do you have any other su
I have a requirement to use a custom CertPathChecker in my code. With "bare"
JVM, I can add the checker to my PKIXParameters and validate away. But, using
Merlin (in WSS4J 1.6.17), there don't appear to be any hooks to add a custom
checker or customize the PKIXParameters that are being used. Is
18 matches
Mail list logo