RFR: 8313367: SunMSCAPI cannot read Local Computer certs w/o Windows elevation [v7]
christophvw
duke at openjdk.org
Tue Oct 29 08:58:13 UTC 2024
On Tue, 15 Oct 2024 17:59:52 GMT, rebarbora-mckvak <duke at openjdk.org> wrote:
>> This fixes the defect described at https://bugs.openjdk.org/browse/JDK-8313367
>>
>> If the process does not have write permissions, the store is opened as read-only (instead of failing).
>>
>> Please note that permissions to use a certificate in a local machine store must be granted - in a management console, select a certificate, right-click -> All tasks... -> Manage Private Keys... -> add Full control to user.
>
> rebarbora-mckvak has updated the pull request incrementally with one additional commit since the last revision:
>
> copyright fixed
Any news on this issue? I would like to use certificates from the windows cert store for our tomcat servers, because these will get automatically renewed by AD cert templates.
The problem is: it currently works only when the tomcat server is running as LocalSystem.
<Certificate certificateKeystoreType="Windows-MY-LOCALMACHINE"
certificateKeystoreFile=""
certificateKeyAlias="cert-alias"
protocols="TLSv1.2,TLSv1.3"
/>
I need a solution which works with a gMSA - without admin rights.
-------------
PR Comment: https://git.openjdk.org/jdk/pull/16687#issuecomment-2443610090
More information about the security-dev
mailing list