JKS support
Closed this issue · 1 comments
nvanwyen commented
The current (v0.0.6.3) trusts all CA chains, please add JKS support for chain lists, CRL and two-way TLS/SSL connections.
nvanwyen commented
This issue is resolved via fix for issue #2. Use the following properties (as an example), by adding them to WS.WS$PROP$
-- setup JKS keystore
insert into ws$prop$ a ( a.name, a.value ) values ( 'javax.net.ssl.keyStoreType', 'pkcs12' );
insert into ws$prop$ a ( a.name, a.value ) values ( 'javax.net.ssl.trustStoreType', 'jks' );
-- ensure the file name is fully-qualifed and avaiable on all RAC nodes
insert into ws$prop$ a ( a.name, a.value ) values ( 'javax.net.ssl.keyStore', '/home/oracle/wallet/clientcertificate.p12' );
insert into ws$prop$ a ( a.name, a.value ) values ( 'javax.net.ssl.trustStore', '/home/oracle/wallet/gridserver.keystore' );
--
insert into ws$prop$ a ( a.name, a.value ) values ( 'javax.net.ssl.keyStorePassword', '$PASS' );
insert into ws$prop$ a ( a.name, a.value ) values ( 'javax.net.ssl.trustStorePassword', '$PASS' );
-- optional for verbose debugging
insert into ws$prop$ a ( a.name, a.value ) values ( 'javax.net.debug', 'ssl' );