[ 
https://issues.apache.org/jira/browse/KNOX-2999?focusedWorklogId=902017&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-902017
 ]

ASF GitHub Bot logged work on KNOX-2999:
----------------------------------------

                Author: ASF GitHub Bot
            Created on: 26/Jan/24 20:43
            Start Date: 26/Jan/24 20:43
    Worklog Time Spent: 10m 
      Work Description: moresandeep opened a new pull request, #836:
URL: https://github.com/apache/knox/pull/836

   
   ## What changes were proposed in this pull request?
   
   This PR adds public AWS certs to Knox truststore and adds a few parameters that can be configured on the fly
    - KNOX_MASTER_SECRET - (optional) master secret for knox in a file, default value is 'knox'
    - MASTER_SECRET - (optional) master secret for knox, value not a file location, default value is 'knox'
    - KNOX_CERT - (optional) the location of a public PEM-encoded certificate file for the gateway
    - KNOX_KEY - (optional) the location of a private PEM-encoded key file for the gateway
    - KEYSTORE_PASSWORD_FILE - (optional) the location of a file containing the passphrase to use for generated keystores, default randomly generated base 64 string
    - ALIAS_PASSPHRASE - (optional) Keystore signing password
    - CA_FILE - (optional) the location of a file containing the PEM-encoded CA bundle for Knox to use
    - KEYSTORE_DIR - (optional) a location for generated JKS files, default /home/knox/knox/data/security/keystores
    - LDAP_PASSWORD_FILE - (optional) the location of a file containing ldap bind password.
    - LDAP_BIND_PASSWORD - (optional) ldap bind password value (not file location).
    - CUSTOM_CERT - (optional) the location of a file containing the custom certs
   
   ## How was this patch tested?
   
   This patch was tested locally.




Issue Time Tracking
-------------------

            Worklog Id:     (was: 902017)
    Remaining Estimate: 0h
            Time Spent: 10m

> [Docker] Add public CA to Knox trust store
> ------------------------------------------
>
>                 Key: KNOX-2999
>                 URL: https://issues.apache.org/jira/browse/KNOX-2999
>             Project: Apache Knox
>          Issue Type: Bug
>          Components: docker
>            Reporter: Sandeep More
>            Assignee: Sandeep More
>            Priority: Major
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> It appears that the truststore that Knox is using does not have root certs 
> for public CAs. This is needed for Knox to support JWKS endpoints (prod and 
> dev) which are signed by public CAs. 



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
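
Added example, not part of the pull request or the Knox Docker image: a preflight check over the secret-related variables listed in the PR description, meant to run in the container environment before the gateway starts. The function name `knox_env_audit`, the finding wording and the owner-only permission rule are assumptions of this example; only the variable names and the 'knox' default come from the page.

```shell
#!/bin/sh
# Added example: audit the secret-related variables named in the PR description.
# Prints one finding per line; prints nothing when no issue is found.
knox_env_audit() {
    # Values passed directly in the environment show up in `docker inspect`.
    for pair in MASTER_SECRET:KNOX_MASTER_SECRET LDAP_BIND_PASSWORD:LDAP_PASSWORD_FILE; do
        name=${pair%%:*}
        eval "val=\${$name:-}"
        if [ -n "$val" ]; then
            echo "$name: secret passed by value; use ${pair##*:} (file) instead"
        fi
    done

    # The PR states the master secret defaults to 'knox' when neither is set.
    if [ -z "${KNOX_MASTER_SECRET:-}" ] && [ -z "${MASTER_SECRET:-}" ]; then
        echo "master secret: not set, default 'knox' applies"
    elif [ "${MASTER_SECRET:-}" = "knox" ]; then
        echo "master secret: MASTER_SECRET is the default 'knox'"
    elif [ -r "${KNOX_MASTER_SECRET:-}" ] && [ "$(cat "$KNOX_MASTER_SECRET")" = "knox" ]; then
        echo "master secret: file contains the default 'knox'"
    fi

    # Assumption of this example: secret files should be readable by the owner only.
    for name in KNOX_MASTER_SECRET KNOX_KEY KEYSTORE_PASSWORD_FILE LDAP_PASSWORD_FILE; do
        eval "path=\${$name:-}"
        if [ -z "$path" ]; then
            continue
        fi
        if [ ! -f "$path" ] || [ ! -r "$path" ]; then
            echo "$name: $path is not a readable file"
        elif [ -n "$(find -L "$path" -prune \( -perm -040 -o -perm -004 \))" ]; then
            echo "$name: $path is readable by group or others"
        fi
    done
    return 0
}
```
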
