JKS support

Question

JKS support

Closed this issue 5 years ago · 1 comments

The current (v0.0.6.3) trusts all CA chains, please add JKS support for chain lists, CRL and two-way TLS/SSL connections.

Answer 1 · 2019-05-04T14:16:46.000Z

This issue is resolved via fix for issue #2. Use the following properties (as an example), by adding them to WS.WS$PROP$

-- setup JKS keystore
insert into ws$prop$ a ( a.name, a.value ) values ( 'javax.net.ssl.keyStoreType',       'pkcs12' );
insert into ws$prop$ a ( a.name, a.value ) values ( 'javax.net.ssl.trustStoreType',     'jks' );

-- ensure the file name is fully-qualifed and avaiable on all RAC nodes
insert into ws$prop$ a ( a.name, a.value ) values ( 'javax.net.ssl.keyStore',           '/home/oracle/wallet/clientcertificate.p12' );
insert into ws$prop$ a ( a.name, a.value ) values ( 'javax.net.ssl.trustStore',         '/home/oracle/wallet/gridserver.keystore' );

--
insert into ws$prop$ a ( a.name, a.value ) values ( 'javax.net.ssl.keyStorePassword',   '$PASS' );
insert into ws$prop$ a ( a.name, a.value ) values ( 'javax.net.ssl.trustStorePassword', '$PASS' );

-- optional for verbose debugging
insert into ws$prop$ a ( a.name, a.value ) values ( 'javax.net.debug',                  'ssl' );