[OPENDJ-2923] SSLContextBuilder should use the JVM's KeyManager by default - ForgeRock JIRA

XML

Word

Printable

Details

Type: Improvement
Status: Done
Priority: Major
Resolution: Fixed
Affects Version/s: 3.0.0
Fix Version/s: 3.5.0, 4.0.0
Component/s: core apis
Labels:
- EDISON

Support Ticket IDs:

Releases:

$i18n.getText("admin.common.words.hide")

Version		Release date	Issue
3.5.0	🏢	2016-07-20	OPENDJ-2923
4.0.0	🏢	2017-04-03	OPENDJ-2923

$i18n.getText("admin.common.words.show")

Version Release date Issue 3.5.0 🏢 2016-07-20 OPENDJ-2923 4.0.0 🏢 2017-04-03 OPENDJ-2923

Description

When using SSLContextBuilder in the DJ SDK unfortunately when the KeyManager was not explicitly set, it will default to null. This means that trying to perform client certificate authentication with an OOTB SDK can become quite complicated (having to manually create a KeyManager can require several settings from the client application).

It would be best if the SDK could fall back to the JVM's keystore setting (denoted by the -Djavax.net.ssl.keyStore* JVM properties) by default, and this would be also in-line with the JDK's OOTB HttpsURLConnection.

Attachments

Issue Links

is required by

OPENDJ-2996 Update docs regarding fallback to JVM's KeyManager by default

Done

Activity

People

Assignee:: Peter Major [X] (Inactive)

Reporter:: Peter Major [X] (Inactive)

Dev Assignee:: Peter Major [X] (Inactive)

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 2016-04-02 12:47 AM

Updated:: 2019-11-08 12:06 AM

Resolved:: 2016-05-06 8:30 AM