DoDIIS PKI Environment
Each user in the DoDIIS environment has 2 PKI certificates; each certificate has the same name and same DN, but has different key usages (Digital Signature vs. Key Encipherment). Both keys are loaded into Internet Explorer (IE). The Key Encipherment certificate is required for email encryption, and the Digital Signature certificate is used for identity verification on the web.
Internet Explorer - When IE prompts to choose the correct certificate, it will only allow the user to pick a certificate with a key usage of Digital Signature.
Java - When Java prompts the user to choose the correct certificate, it will allow the user to select either type of certificate. Since both certificates have the same name, they appear to be the same, and the user is unable to tell the difference. There is absolutely no way to determine which certificate is the correct one. Additionally, each time the user is prompted, the order in which the certificates appear in the list changes, forcing the user to guess at which certificate is the one with the correct type.
Problems:
When the user is prompted to choose the correct certificate from Java, they are unable to tell which certificate is the Digital Signature certificate.
If the user selects the wrong certificate from the list, the DUKE web server will reject the certificate because it's the wrong type.
DUKE Workaround - The DUKE team has been manually loading the Digital Signature certificate into the Java keystore and disabling Java from looking in the IE keystore for each user.
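As an added example (not the DUKE team's code or anything from this page), a JSSE key manager for a Java client that picks the client certificate by its KeyUsage extension instead of by name, so the same-named Key Encipherment certificate is never offered to the web server and the user is not asked to guess. The class name SigningCertKeyManager and the contextFor helper are hypothetical; the keystore passed in may be any loaded KeyStore, including the SunMSCAPI "Windows-MY" store that mirrors the IE certificate store.

```java
import javax.net.ssl.*;
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;

// Hypothetical wrapper around the platform's default X509KeyManager. When the server
// requests a client certificate, aliases whose leaf certificate lacks the
// digitalSignature key usage are skipped, so only the identity certificate is offered.
public final class SigningCertKeyManager extends X509ExtendedKeyManager {
    private static final int DIGITAL_SIGNATURE = 0; // bit index in X509Certificate.getKeyUsage()
    private final X509KeyManager delegate;

    public SigningCertKeyManager(X509KeyManager delegate) { this.delegate = delegate; }

    /** True if the chain's leaf certificate asserts the digitalSignature key usage. */
    static boolean isSigningCert(X509Certificate[] chain) {
        if (chain == null || chain.length == 0) return false;
        boolean[] usage = chain[0].getKeyUsage(); // null when the extension is absent
        return usage != null && usage.length > DIGITAL_SIGNATURE && usage[DIGITAL_SIGNATURE];
    }

    @Override
    public String chooseClientAlias(String[] keyType, Principal[] issuers, Socket socket) {
        for (String kt : keyType) {
            String[] aliases = delegate.getClientAliases(kt, issuers);
            if (aliases == null) continue;
            for (String alias : aliases) {
                if (isSigningCert(delegate.getCertificateChain(alias))) return alias;
            }
        }
        return null; // no Digital Signature certificate: let the handshake fail visibly
    }

    @Override public String chooseEngineClientAlias(String[] kt, Principal[] iss, SSLEngine e) { return chooseClientAlias(kt, iss, null); }
    @Override public String[] getClientAliases(String kt, Principal[] iss) { return delegate.getClientAliases(kt, iss); }
    @Override public String chooseServerAlias(String kt, Principal[] iss, Socket s) { return delegate.chooseServerAlias(kt, iss, s); }
    @Override public String[] getServerAliases(String kt, Principal[] iss) { return delegate.getServerAliases(kt, iss); }
    @Override public X509Certificate[] getCertificateChain(String alias) { return delegate.getCertificateChain(alias); }
    @Override public PrivateKey getPrivateKey(String alias) { return delegate.getPrivateKey(alias); }

    /** Builds an SSLContext whose key managers offer only the Digital Signature certificate. */
    public static SSLContext contextFor(KeyStore ks, char[] password) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        KeyManager[] kms = kmf.getKeyManagers();
        for (int i = 0; i < kms.length; i++) {
            if (kms[i] instanceof X509KeyManager) kms[i] = new SigningCertKeyManager((X509KeyManager) kms[i]);
        }
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kms, null, null); // default trust managers and SecureRandom
        return ctx;
    }
}
```

Because the choice is made from the KeyUsage bits rather than the displayed name, it is unaffected by the list order changing between prompts, and it leaves the Key Encipherment certificate in place for email.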