  1. Ignite
  2. IGNITE-7997

Ability to use different SSL trust store password and private key password

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 2.4
    • Fix Version/s: None
    • Component/s: security
    • Labels: None

      Description

      Currently, the same keyStorePwd is used for both the trust store and the private keys. For a while it is a usable approach. But sometimes these passwords are distinct, and this should be supported by SslContextFactory. Tomcat faced the same issue and they eventually fixed it.

                  KeyStore keyStore = loadKeyStore(keyStoreType, keyStoreFilePath, keyStorePwd);
      
                  keyMgrFactory.init(keyStore, keyStorePwd);
      

      Suggested config format:

          <bean class="org.apache.ignite.ssl.SslContextFactory">
            <property name="keyStoreFilePath" value="keystore/server.jks"/>
            <property name="keyStorePassword" value="123456"/>
            <property name="privateKeyPassword" value="234567"/>
            <property name="trustStoreFilePath" value="keystore/trust.jks"/>
            <property name="trustStorePassword" value="345678"/>
          </bean>
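
An added example, not part of the original issue and not Ignite's own code: a plain JSSE sketch of the behaviour the suggested config asks for, where the store password only opens the key store file and a separate password recovers the private key. The class and method names (`SeparatePasswordsExample`, `load`, `create`) and the fallback to the store password when no key password is given are assumptions; the paths and passwords are the sample values from the suggested config.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/** Added illustration (hypothetical class): three independent passwords. */
public class SeparatePasswordsExample {
    /** Loads a store; storePwd only unlocks and integrity-checks the store file. */
    static KeyStore load(String type, String path, char[] storePwd)
            throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, storePwd);
        }
        return ks;
    }

    static SSLContext create(String keyStorePath, char[] keyStorePwd, char[] privateKeyPwd,
            String trustStorePath, char[] trustStorePwd)
            throws GeneralSecurityException, IOException {
        KeyStore keyStore = load("JKS", keyStorePath, keyStorePwd);
        KeyManagerFactory kmf =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        // init() uses its second argument to recover the private key entries, so it
        // must be the key password. Passing the store password here fails with
        // UnrecoverableKeyException whenever the two differ.
        // Assumption: fall back to the store password when no key password is set.
        kmf.init(keyStore, privateKeyPwd != null ? privateKeyPwd : keyStorePwd);

        // The trust store holds only certificates, so it needs just its own store password.
        KeyStore trustStore = load("JKS", trustStorePath, trustStorePwd);
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Sample paths and passwords taken from the suggested config above.
        SSLContext ctx = create("keystore/server.jks", "123456".toCharArray(),
            "234567".toCharArray(), "keystore/trust.jks", "345678".toCharArray());
        System.out.println("SSLContext ready: " + ctx.getProtocol());
    }
}
```

A JKS store with distinct passwords can be produced with keytool's `-storepass` and `-keypass` options; for PKCS12 stores keytool ignores `-keypass` and uses the store password for the key.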
      

              People

              • Assignee: Unassigned
              • Reporter: Ilya Kasnacheev (ilyak)
              • Votes: 0
              • Watchers: 1