Re: AW: AW: AW: [geclipse-dev] CA certificate loading

[Romain <reuillon@xxxxxxxx>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


> 
> I think a shortcut like
> 
> Security.setCertificateLocation( path );

Ok, coool, it seems good to me...
> 
> should do the trick.
> 
> But there is one thing we should always keep in mind. If we are changing
> the cert managers default directory all newly loaded or imported
> certificates will be stored in this directory as well! That means if you
> would like to import certificates from the EuGridPMA repos these will
> end up in the WNs default cert directory then most likely overwriting
> the old certificates there! Since an ordinary user will not have
> write-access to this directory this will end up in an exception! A way
> to come around this is to add the certificates with CertTrust.Trusted
> instead of CertTrust.AlwaysTrust which results in adding the certs in
> memory but not on disk. But then they have to be re-imported again after
> restarting g-Eclipse.

Actually, nevermind ! When we start g-eclipse an a workernode, we consider
(and it is the case) that the environment is virgin and that why we initialize
the g-eclipse environment each time. The solution to load the certificates into
memory is so okay.

> 
> So some thinks to keep in mind when talking about this new method! One
> should definitely be careful with this unless you won't be shot by your
> administrator for overwriting certificates ;-)

The grid may have some security shortcomings, but I hope they are a bit more subtle :)

Cheers, Rom.

> 
> Cheers, Mathias
> _______________________________________________
> geclipse-dev mailing list
> geclipse-dev@xxxxxxxxxxx
> https://dev.eclipse.org/mailman/listinfo/geclipse-dev
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkk9UTwACgkQbUN+hKKXqgs2KQCgpi+d7bpSzbOtPFKLxz1QWfkh
pTMAn1e9/OsyW0GnfLPaNnBOrQPp+w8j
=ufXo
-----END PGP SIGNATURE-----