Bug #4031

More features in supporting SSL in morpho

Added by Jing Tao over 11 years ago. Updated almost 8 years ago.

Status: Resolved
Priority: Normal
Assignee:
Category: morpho - general
Target version:
Start date: 04/28/2009
Due date:
% Done: 0%
Estimated time:
Bugzilla-Id: 4031

Description

1. Update certificate before it expires.
Option 1: Morpho automatically downloads the certificate from a given URL. The URL can be an Apache one, like http://knb.ecoinformatics.org/certificate, or a Metacat API, like http://knb.ecoinformatics.org/knb/metacat?action=getCertificate.
Option 2: release a patch of Morpho before the KNB certificate expires. The patch (jar file) contains the Java code and certificate, which can delete the old KNB cert and put the new cert into the keystore.

2. Morpho has a mechanism to update the certificate - It should NOT just replace the old keystore, since it may contain the user's own certificates. It just deletes the old certificate (if it exists) and puts the new one into the keystore.

3. Give user a GUI to import their own certificate into keystore.
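
The in-place update described in item 2, as an added Java example that is not Morpho's code or part of the original report: it replaces a single alias, leaves every other entry alone, and checks the new certificate against a SHA-256 fingerprint obtained out of band before trusting it. The fingerprint check, the aliases `knb` and `user-own`, and the class and method names are assumptions of this example.

```java
import java.math.BigInteger;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class ReplaceTrustedCert {
    static String sha256Hex(X509Certificate c) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(c.getEncoded());
        return String.format("%064x", new BigInteger(1, d));
    }

    // Swap the certificate stored under one alias; all other entries stay untouched.
    static void replaceCert(KeyStore ks, String alias, X509Certificate fresh,
                            String pinnedSha256) throws Exception {
        // Compare with a fingerprint obtained out of band before trusting the file.
        if (!sha256Hex(fresh).equalsIgnoreCase(pinnedSha256))
            throw new SecurityException("fingerprint mismatch, keystore unchanged");
        fresh.checkValidity();                       // refuse an expired replacement
        if (ks.containsAlias(alias) && !ks.isCertificateEntry(alias))
            throw new SecurityException(alias + " is a key entry, refusing to delete");
        if (ks.containsAlias(alias)) ks.deleteEntry(alias);  // only this alias
        ks.setCertificateEntry(alias, fresh);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample data: currently valid CA certs from the JVM default
        // trust store stand in for the old server cert, a user cert and the new cert.
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);
        X509TrustManager tm = (X509TrustManager) tmf.getTrustManagers()[0];
        List<X509Certificate> cas = new ArrayList<>();
        for (X509Certificate c : tm.getAcceptedIssuers()) {
            try { c.checkValidity(); cas.add(c); } catch (CertificateException e) { /* skip */ }
        }
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null);                              // empty in-memory keystore
        ks.setCertificateEntry("knb", cas.get(0));        // hypothetical alias: old cert
        ks.setCertificateEntry("user-own", cas.get(1));   // hypothetical alias: user's cert
        // Demo only: a real pin comes from a trusted channel, not from the cert itself.
        replaceCert(ks, "knb", cas.get(2), sha256Hex(cas.get(2)));
        System.out.println("knb replaced:  " + cas.get(2).equals(ks.getCertificate("knb")));
        System.out.println("user-own kept: " + cas.get(1).equals(ks.getCertificate("user-own")));
    }
}
```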

History

#1 Updated by ben leinfelder almost 8 years ago

I think our understanding and use of SSL has improved over the past three years. For Morpho 2.0 we have removed the custom trust store from Morpho which would only allow us to trust the KNB, SANParks and a couple dev.nceas servers when using https.
Instead we will rely on the default JVM trust store that a user can augment in cases where the CA that issued their server's certificate is not a commercial CA.
For DataONE MNs this can sometimes be the case, though we discourage it.
The DataONE libclient library also augments the default trust store with CAs that we know to trust (including CILogon and DataONE CA). I think this is the way to approach SSL trust and we should not build a custom UI for managing a custom truststore.

#2 Updated by Redmine Admin over 7 years ago

Original Bugzilla ID was 4031
