[
http://jira.magnolia-cms.com/browse/MAGNOLIA-4439?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Edgar Vonk updated MAGNOLIA-4439:
---------------------------------
Description:
It seems the private activation key no longer gets created on first activation
when it does not exist.
In our Magnolia web app we do not have an activation key by default. When we
try to activate content the first time (the subscriber is configured correctly
and running) this fails with the error 'Private key store doesn't exist at..'
It is easily reproduced in the Magnolia 4.5.3 EE distribution if you first
remove the magnolia-activation-keypair.properties file from the
magnoliaAuthor/WEB-INF/config/default dir, start up Magnolia and attempt to
activate content.
In the log:
{code}
Caused by: java.lang.SecurityException: Private key store doesn't exist at
[/Users/edgar/Downloads/magnolia-enterprise-4.5.3/apache-tomcat-6.0.32/webapps/magnoliaAuthor/WEB-INF/config/default/magnolia-activation-keypair.properties].
Please, ensure that [magnolia.author.key.location] actually points to the
correct location
at
info.magnolia.cms.security.SecurityUtil.checkPrivateKeyStoreExistence(SecurityUtil.java:367)
{code}
I guess the workaround is to generate an activation key and store that manually
on the filesystem or use the one provided in the Magnolia EE distribution?
PS: this mechanism is introduced for security reasons right? If so, why does
Magnolia distribute the key in it's Magnolia EE distributions? With default
Magnolia installations the very same key is now used all over the world. So
much for security.
was:
It seems the private activation key no longer gets created on first activation
when it does not exist.
In our Magnolia web app we do not have an activation key by default. When we
try to activate content the first time (the subscriber is configured correctly
and running) this fails with the error 'Private key store doesn't exist at..'
It is easily reproduced in the Magnolia 4.5.3 EE distribution if you first
remove the magnolia-activation-keypair.properties file from the
magnoliaAuthor/WEB-INF/config/default dir, start up Magnolia (the author
instance) and attempt to activate content.
In the log:
{code}
Caused by: java.lang.SecurityException: Private key store doesn't exist at
[/Users/edgar/Downloads/magnolia-enterprise-4.5.3/apache-tomcat-6.0.32/webapps/magnoliaAuthor/WEB-INF/config/default/magnolia-activation-keypair.properties].
Please, ensure that [magnolia.author.key.location] actually points to the
correct location
at
info.magnolia.cms.security.SecurityUtil.checkPrivateKeyStoreExistence(SecurityUtil.java:367)
{code}
I guess the workaround is to generate an activation key and store that manually
on the filesystem or use the one provided in the Magnolia EE distribution?
PS: this mechanism is introduced for security reasons right? If so, why does
Magnolia distribute the key in it's Magnolia EE distributions? With default
Magnolia installations the very same key is now used all over the world. So
much for security.
> Activation key does not get created when it does not exist
> ----------------------------------------------------------
>
> Key: MAGNOLIA-4439
> URL: http://jira.magnolia-cms.com/browse/MAGNOLIA-4439
> Project: Magnolia
> Issue Type: Bug
> Security Level: Public
> Components: activation
> Affects Versions: 4.5.3
> Reporter: Edgar Vonk
> Assignee: Philipp Bärfuss
>
> It seems the private activation key no longer gets created on first
> activation when it does not exist.
> In our Magnolia web app we do not have an activation key by default. When we
> try to activate content the first time (the subscriber is configured
> correctly and running) this fails with the error 'Private key store doesn't
> exist at..'
> It is easily reproduced in the Magnolia 4.5.3 EE distribution if you first
> remove the magnolia-activation-keypair.properties file from the
> magnoliaAuthor/WEB-INF/config/default dir, start up Magnolia and attempt to
> activate content.
> In the log:
> {code}
> Caused by: java.lang.SecurityException: Private key store doesn't exist at
> [/Users/edgar/Downloads/magnolia-enterprise-4.5.3/apache-tomcat-6.0.32/webapps/magnoliaAuthor/WEB-INF/config/default/magnolia-activation-keypair.properties].
> Please, ensure that [magnolia.author.key.location] actually points to the
> correct location
> at
> info.magnolia.cms.security.SecurityUtil.checkPrivateKeyStoreExistence(SecurityUtil.java:367)
> {code}
> I guess the workaround is to generate an activation key and store that
> manually on the filesystem or use the one provided in the Magnolia EE
> distribution?
> PS: this mechanism is introduced for security reasons right? If so, why does
> Magnolia distribute the key in it's Magnolia EE distributions? With default
> Magnolia installations the very same key is now used all over the world. So
> much for security.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://jira.magnolia-cms.com/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
----------------------------------------------------------------
For list details, see: http://www.magnolia-cms.com/community/mailing-lists.html
Alternatively, use our forums: http://forum.magnolia-cms.com/
To unsubscribe, E-mail to: <[email protected]>
----------------------------------------------------------------
