powered by Jive Software

Regarding JM - 492

Regarding JM-492

How does it work with self-signed certificate?

Then how do client like psi will report about the certificate?

I have made self-signed certificate and I have been through the process of making psi not to complain the certificate. I want to know how it might affect my setting. But it sure is a nice feature.

Message was edited by: wmhtet

Nice integration of forum and JIRA.

I posted the question with JM-492 in the subject line and it is included in the external reference in JIRA. Is it automated or does some one do it?

regards,

wmhtet

Message was edited by: wmhtet

Poor ''ol Bob. He just sits there all day looking at posts to make links between the Jira and Jive Forums. I feel so bad for him as it has to be really monotonous.

Ok, I’'m kidding. It is automated. I assume it looks for “JM-###” and creates the link. And it is a wonderful feature.

Yep, it’'s based on issue patterns. It then uses the JIRA trackback feature. The integration is a standard part of Jive Forums.

Regards,

Matt

thx matt

but I prefer that you answer my original question.

regards,

wmhtet

thx matt

but I prefer that you answer my original question.

Sorry, that would be Gato’‘s dept.! I’'m not familiar with the new certificate code.

-Matt

Hey wmhtet,

I’'m not sure if you are asking 1 or 2 questions here so I will try to give as much info as possible.

How does it work with self-signed certificate?

Then how do client like psi will report about the

certificate?

I have made self-signed certificate and I have been

through the process of making psi not to complain the

certificate. I want to know how it might affect my

setting. But it sure is a nice feature.

Server certificates are kept in resources\security\keystore. Certificates can be signed by a publicly known Certificate Authority (CA) or just be self-signed. Usually self-signed certificates are not meant to be used in production environments since the identity of the server cannot be really trusted. However, self-signed certificates as well as certificates signed by a CA can both be used to encrypt/secure a connection (i.e. for TLS/SSL).

Server certificates are used in 2 cases: 1) When a client connects to the server the client will validate the server certificate to confirm the identity of the server and 2) When a remote server connects to your server the remote server will also need to verify the server identity by checking the server certificates. Case #2 only happens between servers that support TLS for s2s.

In case #1 that is the case that you are asking it’'s up to the client to decide if he is going to accept a self-signed server certificate. If the client accepts the self-signed certificate then the connection will be secured and things will flow without any problem. However, if the client does not accept self-signed certificates then the connection will not be secured. The client can always try to connect using an unsecured connection and if the server allows unsecured connections then things will be fine.

If you are asking how are we going to deal with certificate signing in JM-492 then the answer will be that the admin console will need to not only generate certificates but also export and import them. So once a CA has signed a certificate you should be able to import it. That’'s why the security page is now showing if the certificate is self-signed as a way to indicate if the signed certificate has been imported or not.

Let me know if you need more info or have any other questions.

Regards,

– Gato

Gato

Thanks for taking time to answer me. So JM - 492 will let the Sys admin to be able to generate self-signed certificate easily and don’'t need to go through hassle like this http://www.jivesoftware.org/community/thread.jspa?threadID=16804&tstart=0 instead of the John Doe certificate? That would be pretty cool for junior sys admin like me.

For importing, I understand that it is for importing CA signed certificate. Why does Wild Fire need exporting? What format will it export?

I remember that Jive Messenger has an issue not working well with self-signed certificate that does not use the default password. Has the issue fixed yet?

This feature would be such a nice useful feature.

Thanks,

wmhtet