Some Eclipse Foundation services are deprecated, or will be soon. Please ensure you've read this important communication.

Bug 198073

Summary: [plan] Support for p12 certificates
Product: z_Archived Reporter: Mathias Stümpert <mathias.stuempert>
Component: GeclipseAssignee: Mathias Stümpert <mathias.stuempert>
Status: CLOSED FIXED QA Contact:
Severity: normal    
Priority: P3 CC: tkoecker
Version: unspecifiedKeywords: plan
Target Milestone: ---   
Hardware: PC   
OS: Windows XP   
Whiteboard:

Description Mathias Stümpert CLA 2007-07-27 04:18:24 EDT 
Currently g-Eclipse only supports pem-certificates. Now Gilda comes with p12-certs. Since Gilda is very important for g-Eclipse as training site we need support for the Gilda CA. This means:

1) Easy access to Gilda CA cert which is not part of the CA cert distribution already supported by g-Eclipse

2) Conversion from p12 to pem
Comment 1 Mathias Stümpert CLA 2007-07-27 04:19:07 EDT 
*** Bug 197896 has been marked as a duplicate of this bug. ***
Comment 2 Mathias Stümpert CLA 2007-08-24 09:49:02 EDT 
Both Globus proxies and VOMS proxies may now by generated from p12-certificates. All you have to do is to specify a p12 file instead of a pem file within the proxy wizard. For p12 files no key file is needed since the key is encrypted in the p12 file itself.

There is a serious issue with p12 certificates. As described in the "IMPORTANT NOTES" at http://bouncycastle.org/documentation.html one needs to download the unrestricted policy files for the Sun JCE. Otherwise one gets something like

java.lang.SecurityException: Unsupported keysize or algorithm parameters
		at javax.crypto.Cipher.init(DashoA6275)
		
when trying to create a proxy from a p12 file. At the moment there is no easy workaround for this issue.
Comment 3 Mathias Stümpert CLA 2007-08-24 09:49:20 EDT 
closing this item