dev@glassfish.java.net

Re: [PROPOSAL] Improve configuration support for SSL key- and truststores

From: Anissa Lam <Anissa.Lam_at_Sun.COM>
Date: Mon, 12 Jun 2006 09:25:53 -0700

Jan Luehe wrote:
>
>
> Bill Shannon wrote On 06/11/06 20:32,:
>
>> Jan Luehe wrote:
>>
>>> In GlassFish, all SSL-enabled HTTP (and IIOP) listeners share the same
>>> key- and truststore locations, which are specified via system
>>> properties.
>>> Also, the key- and truststore types are hard-coded to "JKS".
>>>
>>> Other containers such as Tomcat do not have this limitation.
>>>
>>> This limitation was also brought up in
>>>
>>> https://glassfish.dev.java.net/issues/show_bug.cgi?id=657
>>>
>>> The limitation in GlassFish can be fixed with a few minor code tweaks
>>> (at least in the HTTP, and possibly also in the IIOP case), but it
>>> will also require adding configuration support for key- and truststore
>>> locations and types at the HTTP and IIOP listener level.
>>>
>>> Therefore, I propose adding "keystore", "keystore-type",
>>> "truststore", and
>>> "truststore-type" attributes to the <ssl> element in domain.xml, as
>>> follows:
>>
>>
>> Will the admin GUI be updated to make this easy to configure?
>
>
> Yes.
>
> In the case of EE, the GUI should also do validation of the attribute
> values to ensure they meet the constraints imposed by NSS, which
> were described in a separate email.
>
The GUI always allows configuring attributes for any elements in
domain.xml. If there is backend support for validating these
attributes, there shouldn't be any problem for the GUI to impose the
constraints.

thanks
Anissa.
>
> Jan
>
>
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: dev-unsubscribe_at_glassfish.dev.java.net
>> For additional commands, e-mail: dev-help_at_glassfish.dev.java.net
>>