Details
- Improvement
- Status: Open
- Major
- Resolution: Unresolved
- 2.4
- None
- None
Description
Currently, the same keyStorePwd is used for both trust store and private keys. For a while it is a usable approach. But sometimes these passwords are distinct and this should be supported by SslContextFactory. Tomcat faced the same issue and they eventually fixed it.
KeyStore keyStore = loadKeyStore(keyStoreType, keyStoreFilePath, keyStorePwd);
keyMgrFactory.init(keyStore, keyStorePwd);
Suggested config format:
<bean class="org.apache.ignite.ssl.SslContextFactory">
    <property name="keyStoreFilePath" value="keystore/server.jks"/>
    <property name="keyStorePassword" value="123456"/>
    <property name="privateKeyPassword" value="234567"/>
    <property name="trustStoreFilePath" value="keystore/trust.jks"/>
    <property name="trustStorePassword" value="345678"/>
</bean>
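One way the three passwords in the suggested config could map onto the JSSE API, as an added example that is not Ignite's code and not part of the original issue. The class name, method names and parameter names are hypothetical and only mirror the suggested property names; passwords are read from the console rather than from a config file.

```java
import java.io.Console;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.util.Arrays;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical helper, not Ignite's SslContextFactory.
public final class SeparatePasswordsSslContext {
    // Store password: used by KeyStore.load() to verify the store's integrity.
    static KeyStore load(String path, char[] storePwd) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS"); // the suggested config uses .jks files
        try (InputStream in = Files.newInputStream(Paths.get(path))) {
            ks.load(in, storePwd);
        }
        return ks;
    }
    static SSLContext create(String keyStorePath, char[] keyStorePwd, char[] privateKeyPwd,
                             String trustStorePath, char[] trustStorePwd) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        // Private-key password: protects individual key entries. Reusing keyStorePwd
        // here can throw UnrecoverableKeyException when the two passwords differ.
        kmf.init(load(keyStorePath, keyStorePwd), privateKeyPwd);
        // The trust store holds only certificates, so it needs just its own store password.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustStorePath, trustStorePwd));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // Usage: java SeparatePasswordsSslContext <keystore.jks> <truststore.jks>
    public static void main(String[] args) throws Exception {
        Console c = System.console();
        if (args.length != 2 || c == null) throw new IllegalStateException("need 2 paths and a console");
        char[] ksPwd = c.readPassword("Key store password: ");
        char[] keyPwd = c.readPassword("Private key password: ");
        char[] tsPwd = c.readPassword("Trust store password: ");
        try {
            SSLContext ctx = create(args[0], ksPwd, keyPwd, args[1], tsPwd);
            System.out.println("SSLContext ready, protocol " + ctx.getProtocol());
        } finally { // wipe the password copies held by this process
            for (char[] p : new char[][] {ksPwd, keyPwd, tsPwd}) if (p != null) Arrays.fill(p, '\0');
        }
    }
}
```

Distinct store and key passwords apply to JKS key stores; keytool does not support a separate key password for PKCS12 stores and ignores -keypass there.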
Issue Links
- is related to
  - IGNITE-2337 SSL & TLS use distinguished name of the certificate (DN) (Open)
  - IGNITE-6167 Ability to enabled TLS protocols and cipher suites (Resolved)