Hi Kishanthan,

The value that was in catalina-server.xml for keystorePass will not be
removed after running the cipher tool. The cipher tool will encrypt the
value in cipher-text.properties and insert
svns:secretAlias="Server.Service.Connector.keystorePass">password</Connector>
into catalina-server.xml. When the server starts, the value for keystorePass
will be retrieved from cipher-text.properties (the encrypted value) and not
the one which is in catalina-server.xml. If required, the value in
catalina-server.xml can be removed:

<Connector SSLEnabled="true" URIEncoding="UTF-8" acceptCount="200"
acceptorThreadCount="2" bindOnInit="false" clientAuth="false"
compressableMimeType="text/html,text/javascript,application/x-javascript,application/javascript,application/xml,text/css,application/xslt+xml,text/xsl,image/gif,image/jpg,image/jpeg"
compression="on" compressionMinSize="2048" connectionUploadTimeout="120000"
disableUploadTimeout="false" enableLookups="false"
keystoreFile="${carbon.home}/repository/resources/security/wso2carbon.jks"
*keystorePass="**"* maxHttpHeaderSize="8192" maxKeepAliveRequests="200"
maxThreads="250" minSpareThreads="50"
noCompressionUserAgents="gozilla, traviata" port="9443"
protocol="org.apache.coyote.http11.Http11NioProtocol"
scheme="https" secure="true" server="WSO2 Carbon Server" sslProtocol="TLS"
svns:secretAlias="Server.Service.Connector.keystorePass">password</Connector>

Shall we mention this in the carbon 4.3.0 doc?


Regards,
Nira


On Wed, Mar 11, 2015 at 1:53 AM, Kishanthan Thangarajah <[email protected]> wrote:

> Hi Folks,
>
> There is an issue with current support for $subject. Once we configure
> this file using cipher-tool, we can see that the secret alias is being
> added to it. But the value of keystorePass still remains as "wso2carbon".
> This should get changed to "password".
>
>     <Connector SSLEnabled="true" URIEncoding="UTF-8" acceptCount="200"
> acceptorThreadCount="2" bindOnInit="false" clientAuth="false"
> compressableMimeType="text/html,text/javascript,application/x-javascript,application/javascript,application/xml,text/css,application/xslt+xml,text/xsl,image/gif,image/jpg,image/jpeg"
> compression="on" compressionMinSize="2048" connectionUploadTimeout="120000"
> disableUploadTimeout="false" enableLookups="false"
> keystoreFile="${carbon.home}/repository/resources/security/wso2carbon.jks"
> keystorePass="*wso2carbon*" maxHttpHeaderSize="8192"
> maxKeepAliveRequests="200" maxThreads="250" minSpareThreads="50"
> noCompressionUserAgents="gozilla, traviata" port="9443"
> protocol="org.apache.coyote.http11.Http11NioProtocol" scheme="https"
> secure="true" server="WSO2 Carbon Server" sslProtocol="TLS"
> svns:secretAlias="Server.Service.Connector.keystorePass">password</Connector>
>
> The actual reason is that this is the only file (maybe the first one)
> where we need to encrypt a value of an XML attribute. In other config files,
> we had to encrypt the value of the XML node element.
>
> @Niranjan, IIRC, you did some testing on this area right? Did we notice
> the above?
>
> Thanks,
> Kishanthan.
> --
> *Kishanthan Thangarajah*
> Senior Software Engineer,
> Platform Technologies Team,
> WSO2, Inc.
> lean.enterprise.middleware
>
> Mobile - +94773426635
> Blog - http://kishanthan.wordpress.com
> Twitter - http://twitter.com/kishanthan
>



-- 

*Niranjan Karunanandham*
Senior Software Engineer - WSO2 Inc.
WSO2 Inc.: http://www.wso2.com
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
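
Added example (not part of the original thread and not WSO2 code): a check for the situation discussed above, where a Connector carries svns:secretAlias but its keystorePass attribute still holds a clear-text value after the cipher tool has run. The function names, the xmlns:svns URI in the constructed sample and the set of acceptable placeholder values are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample, trimmed from the Connector shown in the thread.
# The xmlns:svns URI is an assumption; the thread does not show it.
SAMPLE = """<Server xmlns:svns="http://org.wso2.securevault/configuration">
  <Service name="Catalina">
    <Connector port="9763" protocol="HTTP/1.1"/>
    <Connector port="9443" scheme="https" secure="true"
        keystoreFile="${carbon.home}/repository/resources/security/wso2carbon.jks"
        keystorePass="wso2carbon"
        svns:secretAlias="Server.Service.Connector.keystorePass">password</Connector>
    <Connector port="9444" scheme="https" secure="true" keystorePass=""
        svns:secretAlias="Server.Service.Connector.keystorePass">password</Connector>
  </Service>
</Server>"""

# Assumed acceptable leftovers: an emptied attribute or the "password" placeholder.
PLACEHOLDERS = {"", "password"}


def local(name):
    """Strip the '{namespace}' prefix ElementTree puts on qualified names."""
    return name.rsplit("}", 1)[-1]


def leftover_plaintext(xml_text, attr="keystorePass"):
    """Return (port, alias) for each aliased element whose attr still holds a real value."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        # Match the alias by local name so the check does not depend on the prefix URI.
        alias = next((v for k, v in elem.attrib.items()
                      if local(k) == "secretAlias"), None)
        if alias is None:
            continue  # element is not managed through a secret alias
        if elem.attrib.get(attr, "") not in PLACEHOLDERS:
            # Report the location only; never echo the secret itself.
            findings.append((elem.attrib.get("port"), alias))
    return findings


if __name__ == "__main__":
    for port, alias in leftover_plaintext(SAMPLE):
        print(f"Connector port {port}: keystorePass still in clear text (alias {alias})")
```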
