dev@glassfish.java.net

Re: [PROPOSAL] Improve configuration support for SSL key- and truststores

From: Jan Luehe <Jan.Luehe_at_Sun.COM>
Date: Mon, 12 Jun 2006 09:14:07 -0700

Bill Shannon wrote On 06/11/06 20:32,:

> Jan Luehe wrote:
>
>> In GlassFish, all SSL-enabled HTTP (and IIOP) listeners share the same
>> key- and truststore locations, which are specified via system
>> properties.
>> Also, the key- and truststore types are hard-coded to "JKS".
>>
>> Other containers such as Tomcat do not have this limitation.
>>
>> This limitation was also brought up in
>>
>> https://glassfish.dev.java.net/issues/show_bug.cgi?id=657
>>
>> The limitation in GlassFish can be fixed with a few minor code tweaks
>> (at least in the HTTP, and possibly also in the IIOP case), but it
>> will also require adding configuration support for key- and truststore
>> locations and types at the HTTP and IIOP listener level.
>>
>> Therefore, I propose adding "keystore", "keystore-type",
>> "truststore", and
>> "truststore-type" attributes to the <ssl> element in domain.xml, as
>> follows:
>
>
> Will the admin GUI be updated to make this easy to configure?


Yes.

In the case of EE, the GUI should also do validation of the attribute
values to ensure they meet the constraints imposed by NSS, which
were described in a separate email.


Jan

