[
https://issues.apache.org/jira/browse/SOLR-11678?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16271952#comment-16271952
]
Shawn Heisey commented on SOLR-11678:
-------------------------------------
Notes from the jetty mailing list:
{quote}
The exception reported in the SOLR issue shows that the exception is thrown
while loading the keystore, not the truststore. So either they have the wrong
password, or they also have a keymanager password that they did not specify in
the Jetty configuration.
{quote}
They did say that Jetty supports different passwords for the key store and the
trust store, and that it looks like the way Solr's script configures Jetty is
correct.
> SSL not working if store and key passwords are different
> --------------------------------------------------------
>
> Key: SOLR-11678
> URL: https://issues.apache.org/jira/browse/SOLR-11678
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Components: security
> Affects Versions: 6.6.2
> Reporter: Constantin Bugneac
>
> If I specify different passwords for store and key then Solr fails to read
> certificate from JKS file with the below error.
> Example:
> SOLR_SSL_KEY_STORE_PASSWORD: "secret1"
> SOLR_SSL_TRUST_STORE_PASSWORD: "secret2"
> If I set the same password for both - it works just fine.
> Tested with the docker image 6.6.2 available here
> https://hub.docker.com/_/solr/
> I don't know whether this is JAVA nuance or Solr implementation issue but
> from security point of view there there is no point to have the same password
> assigned for both the key store and private key bound to specific certificate.
> Expected behaviour: It should allow to specify different passwords.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
