Bug 1193841 - [Doc Bug Fix] Wrong description of trust-store-path & key-store-path parameters
Summary: [Doc Bug Fix] Wrong description of trust-store-path & key-store-path parameters
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Enterprise Application Platform 6
Classification: JBoss
Component: Documentation
Version: 6.3.0
Hardware: Unspecified
OS: Unspecified
Target Milestone: CR2
: EAP 6.4.0
Assignee: Nidhi
QA Contact: Martin Svehla
URL:
Whiteboard: ACG
Depends On:
Blocks:
 
Reported: 2015-02-18 11:47 UTC by jito
Modified: 2015-04-17 05:16 UTC

Fixed In Version:
Clone Of:
Environment:
Build Name: 22508, Administration and Configuration Guide-6.3-1 Build Date: 18-02-2015 07:26:11 Topic ID: 38719-679352 [Specified]
Last Closed: 2015-04-17 05:16:16 UTC
Type: Bug
Embargoed:



Description jito 2015-02-18 11:47:00 UTC
Title: Configuring Netty Secure Sockets Layer (SSL)

Describe the issue:

#1
When used on an acceptor this is the path to the server side SSL key store that holds the keys of all the clients that the server trusts. This is only relevant for an acceptor if you are using two way SSL (i.e. mutual authentication). When used on a connector this is the path to the client-side SSL key store which holds the public keys of all the servers which the client trusts. When used on a connector this is the password for the client-side truststore. This path is configured on the server, but it is downloaded and used by the client.

#2
trust-store-path: When used on an acceptor this is the path to the server side SSL key store that holds the keys of all the clients that the server trusts. When used on a connector this is the path to the client side SSL key store which holds the public keys of all the servers that the client trusts. This is relevant for a connector for both one way and two way SSL. This path can be configured on the server, but it is downloaded and used by the client 


Suggestions for improvement:

#1: Delete the following: When used on a connector this is the password for the client-side truststore.

#2: The first half is the description of key-store-path, not trust-store-path.

Additional information:

Comment 3 croe@redhat.com 2015-03-16 05:05:59 UTC
Modification for fr-FR translation now completed

#1 - I deleted the following: When used on a connector this is the password for the client-side truststore.

#2 - I re-translated modified string: "When used on an acceptor this is the path to the server side SSL trust store that holds the certificates of keys of all the clients that the server trusts. When used on a connector this is the path to the client side SSL trust store which holds the certificates of public keys of all the servers that the client trusts. This is relevant for a connector for both one way and two way SSL. This path can be configured on the server, but it is downloaded and used by the client."

Comment 6 Martin Svehla 2015-03-25 13:12:44 UTC
The key-store-path description was completely wrong (thanks Ito!). But the new text is not correct either.

Current key-store-path description is:

"When used on an acceptor this is the path to the server side SSL key store that holds the keys of all the clients that the server trusts. This is only relevant for an acceptor if you are using two way SSL (i.e. mutual authentication).

When used on a connector this is the path to the client-side SSL key store which holds the public keys of all the servers which the client trusts. This path is configured on the server, but it is downloaded and used by the client."

(Notice the word "trust" - we're describing trust stores here, i.e. which clients does the server trust (in case of an acceptor)? Which servers does the client trust (connector)? The description here describes the trust-store-path, not key-store-path. And if you check the trust-store-path they are indeed almost the same.)


key-store-path description should be replaced with the following text:

"When used on an acceptor this is the path to the SSL key store on the server which holds the server's certificates (whether self-signed or signed by an authority).

When used on a connector this is the path to the client-side SSL key store which holds the client certificates. This is only relevant for a connector if you are using 2-way SSL (i.e. mutual authentication). Although this value is configured on the server, it is downloaded and used by the client."

(This means that for the server side - acceptor - the key-store is the store with the server certificate, and for the client side - connector - the key-store is the store with the client certificate.)

Comment 9 Martin Svehla 2015-04-07 07:52:18 UTC
Looks good, thanks Nidhi
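
The store roles agreed in comments 3 and 6, laid out as a two-way SSL acceptor/connector pair in the messaging subsystem. This is an added example, not part of the bug thread or the product documentation. The acceptor/connector names, socket binding, file paths and passwords are constructed placeholders, and `need-client-auth` is assumed here as the acceptor parameter that requires mutual authentication.

```xml
<!-- Constructed example: names, socket binding, paths and passwords are placeholders. -->
<acceptors>
    <netty-acceptor name="netty-ssl" socket-binding="messaging-ssl">
        <param key="ssl-enabled" value="true"/>
        <!-- key-store-path on an acceptor: the server's own certificate
             (self-signed or signed by an authority). -->
        <param key="key-store-path" value="/path/to/server.keystore"/>
        <param key="key-store-password" value="SERVER_KEYSTORE_PASSWORD"/>
        <!-- trust-store-path on an acceptor: certificates of the clients the
             server trusts. Only relevant for two-way SSL. -->
        <param key="trust-store-path" value="/path/to/server.truststore"/>
        <param key="trust-store-password" value="SERVER_TRUSTSTORE_PASSWORD"/>
        <!-- Assumption: require a client certificate (two-way SSL). -->
        <param key="need-client-auth" value="true"/>
    </netty-acceptor>
</acceptors>

<connectors>
    <!-- Configured on the server, but downloaded and used by the client,
         so these paths must resolve on the client machine. -->
    <netty-connector name="netty-ssl" socket-binding="messaging-ssl">
        <param key="ssl-enabled" value="true"/>
        <!-- trust-store-path on a connector: certificates of the servers the
             client trusts. Relevant for both one-way and two-way SSL. -->
        <param key="trust-store-path" value="/path/to/client.truststore"/>
        <param key="trust-store-password" value="CLIENT_TRUSTSTORE_PASSWORD"/>
        <!-- key-store-path on a connector: the client's own certificate.
             Only relevant for two-way SSL. -->
        <param key="key-store-path" value="/path/to/client.keystore"/>
        <param key="key-store-password" value="CLIENT_KEYSTORE_PASSWORD"/>
    </netty-connector>
</connectors>
```

For one-way SSL, the acceptor keeps only its key store and the connector keeps only its trust store.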

