Use PKCS12 keystore as a truststore for non-standard CA and self-sign certificates #716
Labels
doc-change-required
Indicates an issue or PR that requires doc to be updated
enhancement
New feature or request
good first issue
Good for newcomers
TeamCerberus
Under active development by TeamCerberus @Consensys
Comments
usmansaleem
added
doc-change-required
jframe
added
the
TeamCerberus
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In context of enabling TLS in Web3Signer, it currently uses "known certificate" text file that contains common name and certificate fingerprints (sha256) to trust the self-signed TLS certificates.
The typical approach in Java applications is to use a PKCS12 formatted truststore to trust the non-standard CA or self-signed certificates.
Consider deprecating or removing "known certificates" approach and migrate to using PKCS12 based truststore for TLS mutual authentication.
The text was updated successfully, but these errors were encountered: