users@glassfish.java.net

Re: Glassfish 3.1 and NSS/FIPS

From: Kumar Jayanti <v.b.kumar.jayanti_at_oracle.com>
Date: Wed, 11 Jan 2012 10:44:38 +0530

On 11-Jan-2012, at 9:55 AM, forums_at_java.net wrote:

> Hello,
>
> So according to documentation, Glassfish 3.1 does not support NSS (Network
> Security Servics). Does anyone know if the application server can be
> configured to use it even if it is not officially supported? My project is
> reliant on the NSS libraries for FIPS compliance, and we're trying to figure
> out how we can upgrade our servers and still be compliant.
Is your end usecase the need to support a PKCS11 token ?.

Otherwise if the purpose of NSS stores is really for use in SSL then here is what can be done. The classname for SSL Implementation is pluggable in grizzly so in domain.xml you would see the default classname supplied as GlassfishSSLImpl. You can make a new impl of this that makes use of NSS underneath.

<ssl classname="com.sun.enterprise.security.ssl.GlassfishSSLImpl" cert-nickname="s1as"></ssl>


>
> Thanks!
>
>
> --
>
> [Message sent by forum member 'kongar']
>
> View Post: http://forums.java.net/node/882246
>
>