users@glassfish.java.net

Re: Glassfish 3.1 and NSS/FIPS

From: Kumar Jayanti <v.b.kumar.jayanti_at_oracle.com>
Date: Thu, 12 Jan 2012 10:19:00 +0530

On 11-Jan-2012, at 11:50 PM, forums_at_java.net wrote:

> Hi Kumar,
>
> Thank you for the tip. As for the use case, I want Glassfish to use the NSS
> libraries as the cryptography provider (for SSL) as the libraries are FIPS
> compliant and already validated by NIST. Does the GlassfishSSLImpl just use
> what is configured in the JSSE? In that case, can I just modify the
> java.security configuration file in the JRE
This is not the case.
> to use NSS/SunPKCS11? Or do
> I need to create my own implementation as you suggested?
>
That's my understanding.

You can probably make grizzly use a PKCS11 store directly (without having to write the SSLImplementation) : http://weblogs.java.net/blog/kumarjayanti/archive/2009/08/26/configuring-non-jks-keystore-glassfish-v3
but we have never tested that. I have tested pkcs12 though.

regards,
kumar
> Thanks
>
>
> --
>
> [Message sent by forum member 'kongar']
>
> View Post: http://forums.java.net/node/882246
>
>