This repository was archived by the owner on Jan 30, 2020. It is now read-only.
Been having some trouble getting the certificate authority working:
If I start it in secure mode, the client lacks the SSLContext to connect to it.
If I start it in insecure mode, it cannot communicate with the other core systems (which are still in secure mode), so it cannot get the public key from the authorisation system.
Kinda got it all to work in secure mode, but had to bypass a few security measures to do so:
Had to call setNeedClientAuth(false) in the CA, so it doesn't require a certificate from the client, which it cannot provide at this stage.
Changed CertAuthorityACF to not filter anything - again as the client cannot provide any certificates to filter on.
I manually transferred the cloud trust store to the client and loaded it in the CertificateBootstrapper class, so that the client would accept the certificate from the CA system. Was playing around with getting it through an insecure version of the CA, started simultaneously with the secure version - didn't get that to work though.
Anyhow, know that this is probably not the correct/secure solution to take, just thought I'd report on my progress playing with the CA. Haven't pushed any of this in, so it won't get mixed up in the release code (if I do I will keep it on a separate branch in my own fork).
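The bootstrap situation described in the post above, sketched with standard JSSE calls. This is an added example, not code from the original post or from the project: the class name, method names and the command-line arguments are hypothetical, and it assumes the CA exposes its `SSLParameters` and `SSLSession` to the code that configures and filters connections.

```java
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.TrustManagerFactory;

public final class BootstrapTlsSketch {   // hypothetical name, not a project class

    // Client: verify the CA's server certificate against the cloud trust store,
    // but install no KeyManager because the client has no certificate yet.
    static SSLContext trustOnlyContext(String path, String type, char[] pw) throws Exception {
        KeyStore trustStore = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            trustStore.load(in, pw);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);   // null KeyManagers: no client cert
        return ctx;
    }

    // Server: ask for a client certificate without failing the handshake when
    // none is sent. Setting "want" clears the "need" flag.
    static SSLParameters optionalClientAuth(SSLParameters params) {
        params.setWantClientAuth(true);
        return params;
    }

    // Server: true only if the peer completed the handshake with a certificate.
    static boolean hasClientCertificate(SSLSession session) {
        try {
            return session.getPeerCertificates().length > 0;
        } catch (SSLPeerUnverifiedException e) {
            return false;   // no certificate was presented
        }
    }

    public static void main(String[] args) throws Exception {
        // args (assumed): <trust store path> <store type, e.g. JKS or PKCS12> <password>
        SSLContext ctx = trustOnlyContext(args[0], args[1], args[2].toCharArray());
        System.out.println("Trust-only context ready: " + ctx.getProtocol());
    }
}
```

With optional client authentication, an access filter can call `hasClientCertificate` and let certificate-less peers reach only the signing request, while every other endpoint keeps filtering on the presented certificate.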