Reputation: 12876
Is the Trusted Key Store necessary for One-Way SSL
Trying to set up one-way SSL with Weblogic 11g and running into an issue. I have a custom identify (my own cert) but I only want to do one-way SSL, so why do I need to specify the trust key store? (I have no use for trust as I am only doing one-way SSL where my server presents its cert to the client).
Can someone please explain this? It seems like to get this to work I must choose Custom Identify and Java Standard Trust, even though the CA certs in the Java Standard Trust keystore will never be used for anything. I tried to do Custom Identiy and Custom Trust and left trust keystore blank and received errors on startup related to the trust keystore field not being populated.
Upvotes: 1
Views: 793
Answers (1)
Reputation: 5845
You don't need to specify the trust key store, except for the fact it is looked for if you specify Custom Trust. So therefore you do, or use JavaStandardTrust or DemoTrust instead.
It is dangerous using DemoTrust as anyone with an Oracle installation could potentially get trusted by you, so I would go with the JavaStandardTrust in your case.
The other option is to go with CustomTrust and create an empty keystore for that, apart from the actual key in it. In that way you implicitly trust no-one.
Upvotes: 1
Related Questions
- It is possible that a weblogic ssl communication accept all certificates?
- weblogic ssl handshake failure trust store issue
- Do I need to send the client certificate to another server even if I configured my server with SSL
- Why I need to provide both key store and trust store for an SSL connection to IBM MQ
- WebLogic 8.1 two-way SSL authentication on a web app full example?
- ssl weblogic with identity keystore
- Two way ssl with Tomcat as client to weblogic
- weblogic ssl with custom truststore
- WebSphere. SSL. Do I need server certificate to have key encipherment KeyUsage enabled?
- weblogic as ssl client (single side auth)