  1. Ignite
  2. IGNITE-7997

Ability to use different SSL trust store password and private key password


Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 2.4
    • Fix Version/s: None
    • Component/s: security
    • Labels: None

    Description

      Currently, the same keyStorePwd is used for both the trust store and private keys. This has been a usable approach for a while, but sometimes these passwords are distinct, and this should be supported by SslContextFactory. Tomcat faced the same issue and eventually fixed it.

                  KeyStore keyStore = loadKeyStore(keyStoreType, keyStoreFilePath, keyStorePwd);
      
                  keyMgrFactory.init(keyStore, keyStorePwd);
      

      Suggested config format:

          <bean class="org.apache.ignite.ssl.SslContextFactory">
            <property name="keyStoreFilePath" value="keystore/server.jks"/>
            <property name="keyStorePassword" value="123456"/>
            <property name="privateKeyPassword" value="234567"/>
            <property name="trustStoreFilePath" value="keystore/trust.jks"/>
            <property name="trustStorePassword" value="345678"/>
          </bean>
      

            People

              Assignee: Unassigned
              Reporter: Ilya Kasnacheev