	cosign-discuss at umich.edu
	general discussion of cosign development and deployment

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Java Cosign Filter

To: John Mitchell <jfm@xxxxxxxxxxx>
Subject: Re: Java Cosign Filter
From: Wesley D Craig <wes@xxxxxxxxx>
Date: Fri, 30 Jul 2004 20:10:20 -0400
Cc: Cosign Discussion <cosign-discuss@xxxxxxxxx>
In-reply-to: <40E57AB0.3080703@minioak.com>
References: <40E57AB0.3080703@minioak.com>

On 02 Jul 2004, at 11:09, John Mitchell wrote:

It is not clear what the keystore is meant to contain - is it just a public / private key pair for the web application - or is it a self signed certificate for the web application...in which case if there is a "real" certificate available - should this be imported into the above keystore? And what about aliases for the keys / certificates - are there any specific aliases that are expected by the filter?

I assume this keystore contains the public/private key pair that the Java Cosign Filter will use to talk to cosignd. This can be the same certificate that https might use for your web application, if:

	that certificate is able to be used for client authentication, and
	cosignd recognizes the CA that signed the certificate

You can tell that your certificate may be used for client authentication with this command:

openssl verify -CApath path_to_CAdir -purpose sslclient server.cert

Sorry for the delay in responding.

:wes

References:
- Java Cosign Filter
  - From: John Mitchell

Prev by Date: Re: audit trail
Next by Date: Question about user creating
Previous by thread: Java Cosign Filter
Next by thread: cosign and MIT Kerberos
Index(es):
- Date
- Thread