  1. OpenDJ
  2. OPENDJ-3842

Mention that production mode requires an EC or RSA cert

    Details

    • Type: Bug
    • Status: Done
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 4.0.0
    • Fix Version/s: 4.0.0
    • Component/s: documentation
    • Labels:
      None

      Description

      The default key algorithm when generating a key pair with keytool seems to be DSA.

      The cipher suites used in production mode are restricted to EC and RSA.

      So if you bring your own keystore but you did not set the key algorithm when generating the key pair to EC or RSA, the server won't be able to set up secure connections. It refuses the SSL handshake.

      The install doc does not yet mention this crucial point.
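A pre-flight check for the situation described above, added here as an example and not part of the original ticket or the OpenDJ documentation. It assumes the `Alias name:` and `Subject Public Key Algorithm:` lines that `keytool -list -v` prints in recent JDKs; the function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the ticket). Reads `keytool -list -v` output on
# stdin and prints every alias whose leaf key is neither EC nor RSA.
# Exit status: 0 if all entries are EC or RSA, 1 otherwise.
check_key_algs() {
    awk '
        /^Alias name: / { alias = substr($0, 13); seen = 0 }
        # Only the first certificate after an alias is the entry itself;
        # later ones in the chain belong to issuers.
        /^Subject Public Key Algorithm: / && !seen {
            seen = 1
            alg = $6    # line shape: "... Algorithm: <bits>-bit <ALG> ... key"
            if (alg != "RSA" && alg != "EC") { print alias ": " alg; bad = 1 }
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample, trimmed to the lines the check reads.
sample_listing() {
    cat <<'EOF'
Alias name: server-rsa
Entry type: PrivateKeyEntry
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Alias name: server-ec
Entry type: PrivateKeyEntry
Signature algorithm name: SHA256withECDSA
Subject Public Key Algorithm: 256-bit EC (secp256r1) key
Alias name: byo-default
Entry type: PrivateKeyEntry
Signature algorithm name: SHA256withDSA
Subject Public Key Algorithm: 2048-bit DSA key
EOF
}

# Real use (keystore path is a placeholder):
#   keytool -list -v -keystore /path/to/keystore | check_key_algs
sample_listing | check_key_algs || echo "keystore has a non-EC/RSA key"
```

An entry flagged here needs a new key pair generated with `keytool -genkeypair -keyalg RSA` or `-keyalg EC` before the keystore is handed to a server running in production mode.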

            People

            • Assignee:
              Mark Craig
              Reporter:
              Mark Craig
              Dev Assignee:
              Mark Craig
            • Votes:
              0
              Watchers:
              1