risdenk commented on issue #56: KNOX-1756 - Knox Gateway TLS Keystore and Alias Should be Configurable URL: https://github.com/apache/knox/pull/56#issuecomment-466523443 Found an interesting edge case when configuring Knox. If you configured a custom signing certificate in `gateway-site.xml` and then go to create the aliases with `./bin/knoxcli.sh create-alias ...` you will run into the following error: ``` 2019-02-22 14:25:36,775 ERROR knox.gateway (BaseKeystoreService.java:getKeystore(113)) - Failed to load keystore [filename=keystore-signing.jks, type=JKS]: java.io.IOException: Keystore was tampered with, or password was incorrect ``` `DefaultKeystoreService.init(...)` is doing checks to see if the signing certificate is setup correctly. This was not added in this PR but breaks the ability to add aliases if there is a custom signing certificate not fully setup. The check in `DefaultKeystoreService` should be removed because it doesn't belong in the `KeystoreService`. The `KeystoreService` impl should be generic to what is stored in the keystore. Currently the signing certificate check breaks that design.
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services
