Jan Luehe wrote:
> In GlassFish, all SSL-enabled HTTP (and IIOP) listeners share the same
> key- and truststore locations, which are specified via system properties.
> Also, the key- and truststore types are hard-coded to "JKS".
>
> Other containers such as Tomcat do not have this limitation.
>
> This limitation was also brought up in
>
> https://glassfish.dev.java.net/issues/show_bug.cgi?id=657
>
> The limitation in GlassFish can be fixed with a few minor code tweaks
> (at least in the HTTP, and possibly also in the IIOP case), but it
> will also require adding configuration support for key- and truststore
> locations and types at the HTTP and IIOP listener level.
>
> Therefore, I propose adding "keystore", "keystore-type", "truststore", and
> "truststore-type" attributes to the <ssl> element in domain.xml, as
> follows:
Will the admin GUI be updated to make this easy to configure?