Bug 1108307 - [GSS] (6.3.1) Improve the ability to use MS Windows keystore for the web servers ssl connector
Summary: [GSS] (6.3.1) Improve the ability to use MS Windows keystore for the web serv...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Web
Version: 6.3.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: CR1
: EAP 6.3.1
Assignee: Jean-frederic Clere
QA Contact: Radim Hatlapatka
Russell Dickenson
URL:
Whiteboard:
Depends On: 1108310
Blocks: eap631-blockers, eap631-payload, eap63-cp01-blockers 1131814
TreeView+ depends on / blocked
 
Reported: 2014-06-11 17:04 UTC by Derek Horton
Modified: 2018-12-05 18:50 UTC (History)
11 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
: 1108310 (view as bug list)
Environment:
Last Closed: 2014-10-13 18:39:33 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)
Proposed patch (1.77 KB, patch)
2014-06-19 09:54 UTC, Emmanuel Hugonnet (ehsavoie)
no flags Details | Diff

Description Derek Horton 2014-06-11 17:04:42 UTC
Description of problem:
It is possible to configure the web ssl connector to use the Windows certificate keystore (access provided by the SunMSCAPI provider). However, the JSSESocketFactory checks for a keystore file. This check should likely be skipped when the connector is configured to use the Windows keystore.

Here is what the configuration looks like:
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true">
<ssl name="https" 
key-alias="jbossweb" 
keystore-type="Windows-MY"
protocol="TLSv1"
</connector>

This results in an error like this:
13:54:01,821 ERROR [org.apache.coyote.http11] (MSC service thread 1-5) JBWEB003043: Error initializing endpoint: java.io.FileNotFoundException: C:\Users\imauser\.keystore (The system cannot find the file specified)

You can work around this issue by creating this keystore (C:\Users\imauser\.keystore).

More info on using the Windows keystores can be found here:
http://docs.oracle.com/javase/7/docs/technotes/guides/security/SunProviders.html#SunMSCAPI
http://www.oracle.com/technetwork/articles/javase/security-137537.html

Comment 1 JBoss JIRA Server 2014-06-18 16:11:18 UTC
Emmanuel Hugonnet <ehugonne> updated the status of jira WFLY-3483 to Resolved

Comment 2 Emmanuel Hugonnet (ehsavoie) 2014-06-19 09:54:10 UTC
Created attachment 910317 [details]
Proposed patch

Simple patch that will not define a keystoreFile if we are using the Windows-MY or Windows-ROOT JSSE provider.

Comment 5 Jean-frederic Clere 2014-08-19 14:20:56 UTC
Fixed in jbossweb-7.5.x by r2488

Comment 8 Jakub Cechacek 2014-09-01 08:17:23 UTC
Verified 6.3.1.CP.CR1


Note You need to log in before you can comment on or make changes to this bug.