Skip to main content
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
Re: AW: AW: AW: AW: [geclipse-dev] CA certificate loading 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Thanks,

I am trying to test it right now... How do you get from a File to an IPath?

Cheers,
Rom.

Stuempert, Mathias IWR a écrit :
> Hi Again,
> 
> Just committed the changes to HEAD, should be in the nightly build then (if it does not mess up everything ;-)
> 
> One more note: when (re-)setting the certificate location formerly known certificates will not be available any more. So whenever you use this functionality you should be sure to first set the location and then import/add your certs.
> 
> Please report back as soon as you had a look at this!
> 
> Cheers, Mathias
> 
> -----Ursprüngliche Nachricht-----
> Von: geclipse-dev-bounces@xxxxxxxxxxx [mailto:geclipse-dev-bounces@xxxxxxxxxxx] Im Auftrag von Romain
> Gesendet: Montag, 8. Dezember 2008 17:54
> An: Developer mailing list
> Betreff: Re: AW: AW: AW: [geclipse-dev] CA certificate loading
> 
> 
>> I think a shortcut like
> 
>> Security.setCertificateLocation( path );
> 
> Ok, coool, it seems good to me...
>> should do the trick.
> 
>> But there is one thing we should always keep in mind. If we are changing
>> the cert managers default directory all newly loaded or imported
>> certificates will be stored in this directory as well! That means if you
>> would like to import certificates from the EuGridPMA repos these will
>> end up in the WNs default cert directory then most likely overwriting
>> the old certificates there! Since an ordinary user will not have
>> write-access to this directory this will end up in an exception! A way
>> to come around this is to add the certificates with CertTrust.Trusted
>> instead of CertTrust.AlwaysTrust which results in adding the certs in
>> memory but not on disk. But then they have to be re-imported again after
>> restarting g-Eclipse.
> 
> Actually, nevermind ! When we start g-eclipse an a workernode, we consider
> (and it is the case) that the environment is virgin and that why we initialize
> the g-eclipse environment each time. The solution to load the certificates into
> memory is so okay.
> 
>> So some thinks to keep in mind when talking about this new method! One
>> should definitely be careful with this unless you won't be shot by your
>> administrator for overwriting certificates ;-)
> 
> The grid may have some security shortcomings, but I hope they are a bit more subtle :)
> 
> Cheers, Rom.
> 
>> Cheers, Mathias
>> _______________________________________________
>> geclipse-dev mailing list
>> geclipse-dev@xxxxxxxxxxx
>> https://dev.eclipse.org/mailman/listinfo/geclipse-dev
> 
> 
_______________________________________________
geclipse-dev mailing list
geclipse-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/geclipse-dev
_______________________________________________
geclipse-dev mailing list
geclipse-dev@xxxxxxxxxxx
https://dev.eclipse.org/mailman/listinfo/geclipse-dev

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iEYEARECAAYFAkk9Wo8ACgkQbUN+hKKXqgsVWgCgnJlIS0i0tu8+2nYIV9MAeRVp
1ncAn0lJhYhOOATcCzF9HENAdjlexG5E
=AfCq
-----END PGP SIGNATURE-----

Back to the top