NCEAS / morpho

Morpho metadata editor
GNU General Public License v2.0

Morpho doesn't recognize the commercial certificates #1053

Closed mbjones closed 6 years ago

mbjones commented 6 years ago

Author Name: Jing Tao (Jing Tao)
Original Redmine Issue: 6499, https://projects.ecoinformatics.org/ecoinfo/issues/6499
Original Date: 2014-04-04
Original Assignee: Jing Tao


Currently, morpho overwrites the default keystore of java - it uses the keystore located at ~/.morpho/truststore. In that keystore, we only have a handful of certificates. So it will say "peer not authenticated" even if the certificate of the metacat server was signed by a well-known commercial authority.

The reason we did it this way is that the certificates from sanparks and knb couldn't be recognized by the java default CA at that time. In order to spare users from importing those certificates into the java keystore, we shipped a customized keystore.

It is a trend that the production metacats are using commercial certificates. So we should use the default java keystore in morpho.

But we need to make sure the sanparks metacat will use a commercial certificate.

mbjones commented 6 years ago

Original Redmine Comment
Author Name: Jing Tao (Jing Tao)
Original Date: 2014-04-08T21:50:46Z


Removed the code in morpho that customized the keystore. Now it uses the default one from the java vm.

I tested morpho against the gleon metacat, which has a commercial certificate, over an https connection and it worked.

I also tested morpho against my local metacat, which has a self-signed certificate, over an https connection. If I didn't import the certificate into the default java keystore, the connection would fail. If I did, the connection would succeed.
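To reproduce the comparison discussed in this issue, the following added example (not code from Morpho) counts the trust anchors in the JVM default store and in the file at ~/.morpho/truststore, and, given a host name, reports whether each store accepts that server's certificate chain. The class name `TrustStoreCheck` and the JKS store type are assumptions.

```java
import javax.net.ssl.*;
import java.io.InputStream;
import java.nio.file.*;
import java.security.KeyStore;

public class TrustStoreCheck {
    // A null KeyStore selects the JVM default anchors (cacerts or javax.net.ssl.trustStore).
    static X509TrustManager trustManager(KeyStore ks) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        for (TrustManager tm : tmf.getTrustManagers())
            if (tm instanceof X509TrustManager) return (X509TrustManager) tm;
        throw new IllegalStateException("no X509TrustManager available");
    }

    static KeyStore load(Path file) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS"); // assumed store type
        try (InputStream in = Files.newInputStream(file)) {
            ks.load(in, null); // null password: certificates are read, integrity check skipped
        }
        return ks;
    }

    // Handshake trusting only the given manager's anchors. This checks the chain,
    // not the host name: a raw SSLSocket does no endpoint identification by default.
    static String probe(String host, int port, X509TrustManager tm) throws Exception {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { tm }, null);
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            s.startHandshake();
            return "trusted";
        } catch (SSLException e) {
            return "rejected: " + e.getMessage();
        }
    }

    public static void main(String[] args) throws Exception {
        Path custom = Paths.get(System.getProperty("user.home"), ".morpho", "truststore");
        X509TrustManager jvm = trustManager(null);
        System.out.println("JVM default anchors: " + jvm.getAcceptedIssuers().length);
        X509TrustManager own = Files.exists(custom) ? trustManager(load(custom)) : null;
        if (own != null)
            System.out.println("custom anchors: " + own.getAcceptedIssuers().length);
        if (args.length == 0) return; // no host given: only compare anchor counts
        int port = args.length > 1 ? Integer.parseInt(args[1]) : 443;
        System.out.println("JVM default: " + probe(args[0], port, jvm));
        if (own != null) System.out.println("custom store: " + probe(args[0], port, own));
    }
}
```

Run without arguments it only prints the anchor counts; with a host (and optional port) it also performs one handshake per store.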