OpenIdentityPlatform / OpenIDM

OpenIDM is an open standards based Identity Management, Provisioning and Compliance solution. Experience shows that the most important features of an identity management product are: high flexibility in Business Process handling and compliance with open standards and interfaces. A highly flexible user interface combined with a very robust workflow engine make OpenIDM ready for any Identity Management project.
https://www.openidentityplatform.org/openidm

Product uses wrong truststore #11

Closed ghmer closed 5 months ago

ghmer commented 4 years ago

Describe the bug OpenIDM uses its own truststore, rather than using the default cacerts. As this truststore seems to be pretty old, for example, LetsEncrypt certificates are not accepted. This breaks connectors et al. Those were introduced with Java 1.8.101 or something like that, so several years ago!!

To Reproduce Steps to reproduce the behavior:

  1. unzip openidm
  2. try to connect an LDAP system via SSL using LetsEncrypt certificates. It will not work, console will throw Exceptions regarding the certificate path
  3. stop openidm. Replace security/truststore with cacerts file
  4. try again. This time, connecting the LDAP system via SSL works.

Expected behavior The product should not use its own (oooooold!) truststore and instead use the default cacerts file that is shipped with the jre/jdk.

vharseko commented 5 months ago

you can change openidm/conf/boot/boot.properties

openidm.keystore.type=JCEKS
openidm.truststore.type=JKS
openidm.keystore.provider=SunJCE
openidm.truststore.provider=SUN
openidm.keystore.location=security/keystore.jceks
openidm.truststore.location=security/truststore

# Keystore password, adjust to match your keystore and protect this file
openidm.keystore.password=changeit
openidm.truststore.password=changeit
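Before repointing `openidm.truststore.location`, it is worth checking what each truststore actually contains, since the symptom reported above (certificate path exceptions with Let's Encrypt) comes down to whether the trust anchor for that chain is present and unexpired. The following is an added example, not code from the OpenIDM project: it loads a truststore with the standard `java.security.KeyStore` API, counts trust anchors, flags expired ones, and reports whether a root with a given CN is present. The path to the JRE's cacerts is derived from `java.home`, the password `changeit` is the default shown in the boot.properties above, and `ISRG Root X1` (the current Let's Encrypt root) is the CN it looks for; all three are assumptions you can override on the command line.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Date;

/**
 * Added example (not OpenIDM project code): audits a truststore so an
 * operator can see why a chain such as Let's Encrypt's fails to validate.
 */
public class TruststoreAudit {

    /** Result of auditing one truststore file. */
    static final class Report {
        int anchors;        // trusted certificate entries found
        int expired;        // anchors whose notAfter is already in the past
        boolean rootFound;  // whether an anchor with the wanted CN is present

        @Override
        public String toString() {
            return "anchors=" + anchors + " expired=" + expired + " rootFound=" + rootFound;
        }
    }

    /**
     * Loads the keystore at {@code path} (type "JKS" for OpenIDM's
     * security/truststore, per boot.properties) and inspects every trusted
     * certificate entry. Key entries are skipped: they are not trust anchors.
     */
    static Report audit(Path path, String type, char[] password, String wantedRootCn) throws Exception {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path.toFile())) {
            ks.load(in, password);
        }
        Report r = new Report();
        Date now = new Date();
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isCertificateEntry(alias)) {
                continue;
            }
            Certificate c = ks.getCertificate(alias);
            if (!(c instanceof X509Certificate)) {
                continue;
            }
            X509Certificate cert = (X509Certificate) c;
            r.anchors++;
            if (cert.getNotAfter().before(now)) {
                r.expired++;
            }
            // RFC 2253 form, e.g. "CN=ISRG Root X1,O=Internet Security Research Group,C=US"
            String subject = cert.getSubjectX500Principal().getName();
            if (subject.startsWith("CN=" + wantedRootCn + ",") || subject.equals("CN=" + wantedRootCn)) {
                r.rootFound = true;
            }
        }
        return r;
    }

    public static void main(String[] args) throws Exception {
        // Assumed defaults: OpenIDM's own truststore (relative to the install dir)
        // and the JRE's cacerts; java.home resolves to the jre directory on Java 8
        // and to the JDK root on Java 9+, so this path works on both.
        Path openidmStore = Paths.get(args.length > 0 ? args[0] : "security/truststore");
        Path jreCacerts = Paths.get(System.getProperty("java.home"), "lib", "security", "cacerts");
        char[] password = (args.length > 1 ? args[1] : "changeit").toCharArray();
        String wantedRoot = args.length > 2 ? args[2] : "ISRG Root X1";

        System.out.println("openidm truststore: " + audit(openidmStore, "JKS", password, wantedRoot));
        System.out.println("jre cacerts:        " + audit(jreCacerts, "JKS", password, wantedRoot));
    }
}
```

Run it from the OpenIDM install directory (`java TruststoreAudit.java` on Java 11+). If the first line reports `rootFound=false` and the second reports `rootFound=true`, the fix from the comment above is to set `openidm.truststore.location` to the absolute path of the JRE cacerts (and leave the keystore settings alone, since only trust anchors are at issue). Note that with this approach the trusted set then moves with JRE upgrades, so the same audit belongs in your change checklist whenever the runtime is updated.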