Uploaded image for project: 'Openfire'
  1. Openfire
  2. OF-1854

Allow trust and identitystores to be of different type

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Resolved
    • Priority: Minor
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 4.4.2
    • Component/s: TLS
    • Labels:
      None

      Description

      The type of certificate stores that are either used for 'trust' of 'identity' is currently already configurable (it defaults to 'jks', which is expected to be used by the vast majority of Openfire instances, as that's the type used for the keystore files that ship with Openfire). For each connection type, a setting can be set that affects the type of both the truststore as well as identitystore of that connection type.

      To allow for more flexibility, a configuration option should be added that allows the identity store and trust store to have different types.

      Although this appears overkill at first (which is likely why this level of granularity wasn't included up until now), this configuration option can be used to leverage a Windows-specific feature of JVMs: by configurating the type of "Windows-ROOT" and "Windows-MY" for trust stores, respectively identity stores, Openfire, in theory, could integrate with the Windows-provided certificate stores.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              guus Guus der Kinderen
              Reporter:
              guus Guus der Kinderen
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: