[ https://issues.apache.org/jira/browse/KNOX-2999?focusedWorklogId=902017&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-902017 ]
ASF GitHub Bot logged work on KNOX-2999:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 26/Jan/24 20:43
            Start Date: 26/Jan/24 20:43
    Worklog Time Spent: 10m
      Work Description: moresandeep opened a new pull request, #836:
URL: https://github.com/apache/knox/pull/836

## What changes were proposed in this pull request?

This PR adds public AWS certs to Knox truststore and adds a few parameters that can be configured on the fly

- KNOX_MASTER_SECRET - (optional) master secret for knox in a file, default value is 'knox'
- MASTER_SECRET - (optional) master secret for knox, value not a file location, default value is 'knox'
- KNOX_CERT - (optional) the location of a public PEM-encoded certificate file for the gateway
- KNOX_KEY - (optional) the location of a private PEM-encoded key file for the gateway
- KEYSTORE_PASSWORD_FILE - (optional) the location of a file containing the passphrase to use for generated keystores, default randomly generated base 64 string
- ALIAS_PASSPHRASE - (optional) Keystore signing password
- CA_FILE - (optional) the location of a file containing the PEM-encoded CA bundle for Knox to use
- KEYSTORE_DIR - (optional) a location for generated JKS files, default /home/knox/knox/data/security/keystores
- LDAP_PASSWORD_FILE - (optional) the location of a file containing ldap bind password.
- LDAP_BIND_PASSWORD - (optional) ldap bind password value (not file location).
- CUSTOM_CERT - (optional) the location of a file containing the custom certs

## How was this patch tested?

This patch was tested locally.

Issue Time Tracking
-------------------

            Worklog Id:     (was: 902017)
    Remaining Estimate: 0h
            Time Spent: 10m

> [Docker] Add public CA to Knox trust store
> ------------------------------------------
>
>                 Key: KNOX-2999
>                 URL: https://issues.apache.org/jira/browse/KNOX-2999
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: docker
>            Reporter: Sandeep More
>            Assignee: Sandeep More
>            Priority: Major
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> It appears that the truststore that Knox is using does not have root certs
> for public CAs. This is needed for Knox to support JWKS endpoints (prod and
> dev) which are signed by public CAs.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)