powered by Jive Software

SSL administration "easier" in Wildfire 3.2.x?

I confess to being puzzled by claims that administration of SSL certificates and settings in Wildfire 3.2.x is improved over earlier versions. I was eager to upgrade when I read these claims since I had been unable to remove the built-in certificates in favour of our own pre-existing certificates in previous versions of Wildfire. Here’'s what I found instead:

  1. It is no longer possible to import certificates within the server console GUI. How is this better?

  2. For most certificate administration activities, I am now forced to use the (extremely clunky) JRE tools.

  3. It is apparently now necessary to add system properties to set the keystore password, which also means that the keystore password is visible in plain text on the system properties page.

  4. I am still unable to import pre-existing certificates without breaking Wildfire in some way. I’'ve been through the SSL guide repeatedly and so far no luck. After following the procedure, Wildfire does one or more of the following: it starts and continues to use 100% of the CPU; it stops responding altogether; the secure console stops responding and/or both consoles stop responding.

For now, I’'ve given up and gone back to 3.1.1. Hopefully this will get sorted out soon.

jrivett wrote:

  1. It is no longer possible to import certificates within the server console GUI. How is this better?

There’‘s a super-secret certificate import page at /import-certificate.jsp not linked from anywhere in the interface, but don’'t tell anyone about it!