Hi Niranjan,

Both issues were solved with your suggestions. Thanks a lot for the prompt reply.

Thanks.

On Thu, Jul 30, 2015 at 11:31 PM, Niranjan Karunanandham <[email protected]> wrote:

> Hi Jagath,
>
> On Thu, Jul 30, 2015 at 9:03 PM, Jagath Sisirakumara Ariyarathne <[email protected]> wrote:
>
>> Hi Niranjan,
>>
>> I followed the steps below to secure passwords in axis2.xml keystores with
>> ESB 4.9.0-BETA-SNAPSHOT built with cipher tool 1.0.0-wso2v3.
>>
>> 1. Added axis2 configuration entries to cipher-tool.properties file.
>>
>> Axis2.Https.Listener.TrustStore.Password=repository/conf/axis2/axis2.xml//axisconfig/transportReceiver[@name='https']/parameter[@name='truststore']/TrustStore/Password,false
>>
>> Axis2.Https.Listener.KeyStore.Password=repository/conf/axis2/axis2.xml//axisconfig/transportReceiver[@name='https']/parameter[@name='keystore']/KeyStore/Password,false
>>
>> 2. Executed cipher text configuration command ./ciphertool.sh -Dconfigure.
>> It updated axis2.xml with given aliases.
>>
>> <parameter locked="false" name="truststore">
>>     <TrustStore>
>>         <Location>repository/resources/security/client-truststore.jks</Location>
>>         <Type>JKS</Type>
>>         <Password svns:secretAlias="Axis2.Https.Listener.TrustStore.Password">password</Password>
>>     </TrustStore>
>> </parameter>
>>
>> 3. But encrypted keys were updated in cipher-text.properties file only for
>> existing entries, not for the new axis2 entries configured above.
>>
> You need to add the alias followed by the password in square brackets into
> the cipher-text.properties file and then run ./ciphertool.sh -Dconfigure.
> Only then will it encrypt the password entered inside square brackets in
> the cipher-text.properties.
>
>> 4. Also ESB gives error "java.io.IOException: Keystore was tampered with,
>> or password was incorrect" at startup.
>>
>> Is there anything missing in my procedure?
>>
>> Also, I experienced the error below when running integration tests in ESB
>> 4.9.0 with kernel 4.4.1 RC1. It did not occur with kernel 4.4.0. Would it
>> be due to any missing information in catalina-server.xml?
>>
>> INFO [org.wso2.carbon.integration.common.extensions.utils.ServerLogReader] - org.w3c.dom.DOMException: NOT_FOUND_ERR: An attempt is made to reference a node in a context where it does not exist.
>> INFO [org.wso2.carbon.integration.common.extensions.utils.ServerLogReader] - at org.apache.xerces.dom.AttributeMap.internalRemoveNamedItem(Unknown Source)
>> INFO [org.wso2.carbon.integration.common.extensions.utils.ServerLogReader] - at org.apache.xerces.dom.AttributeMap.removeNamedItem(Unknown Source)
>> INFO [org.wso2.carbon.integration.common.extensions.utils.ServerLogReader] - at org.wso2.carbon.tomcat.internal.ServerManager.init(ServerManager.java:85)
>>
> In Carbon 4.2.0, the certificate in the Primary Keystore (in
> carbon.xml) was used as the SSL certificate, but in Carbon 4.4.0 this has
> been moved to the catalina-server.xml. Therefore you will need to encrypt
> the password of the JKS in catalina-server.xml also when you run the
> cipher-tool. In order to do that you need to add the following values [1]
> and [2] into cipher-tool.properties and cipher-text.properties of the
> product respectively. This issue is happening since after running the
> ciphertool, this value is not encrypted as the keys are not added to
> cipher-text.properties and cipher-tool.properties. Can you please add a
> JIRA in kernel for this, i.e., the issue after running the ciphertool without
> encrypting the Keystore password in catalina-server.xml. This is not a
> blocker for you since the recommended approach when you run the ciphertool
> is to encrypt the JKS password in catalina-server.xml.
>
> [1] - https://github.com/wso2/cipher-tool/blob/master/features/org.wso2.ciphertool.feature/resources/conf/cipher-tool.properties#L12
> [2] - https://github.com/wso2/cipher-tool/blob/master/features/org.wso2.ciphertool.feature/resources/conf/cipher-text.properties#L9
>
>> Thanks.
>> --
>> Jagath Ariyarathne
>> Technical Lead
>> WSO2 Inc. http://wso2.com/
>> Email: [email protected]
>> Mob : +94 77 386 7048
>>
> Regards,
> Nira
>
> --
>
> *Niranjan Karunanandham*
> Senior Software Engineer - WSO2 Inc.
> WSO2 Inc.: http://www.wso2.com
>

--
Jagath Ariyarathne
Technical Lead
WSO2 Inc. http://wso2.com/
Email: [email protected]
Mob : +94 77 386 7048
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
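A pre-flight check for the step described in the reply above (each alias added to cipher-tool.properties also needs an entry with the password in square brackets in cipher-text.properties before ./ciphertool.sh -Dconfigure is run), added here as an example and not part of the thread or of WSO2's tooling. The function names, the Sample.Existing.Password alias and all sample values are constructed; treating a value still in square brackets as not yet encrypted is an assumption drawn from the reply.

```shell
#!/bin/sh
# Added example, not WSO2 code. All sample file contents are constructed.

# missing_aliases TOOL TEXT: print aliases defined in cipher-tool.properties
# (TOOL) that have no entry at all in cipher-text.properties (TEXT).
missing_aliases() {
    awk -v text="$2" '
        function alias(line,   i, k) {
            if (line ~ /^[ \t]*(#|$)/) return ""      # comment or blank line
            i = index(line, "="); if (!i) return ""   # split at the first "=" only
            k = substr(line, 1, i - 1); gsub(/[ \t]/, "", k); return k
        }
        BEGIN { while ((getline l < text) > 0) if ((a = alias(l)) != "") have[a] = 1 }
        { a = alias($0); if (a != "" && !(a in have)) print a }
    ' "$1"
}

# pending_aliases TEXT: print aliases whose value is still "[plaintext]".
# Assumption: a bracketed value means ciphertool has not encrypted it yet.
pending_aliases() {
    awk '
        /^[ \t]*(#|$)/ { next }
        { i = index($0, "="); if (!i) next
          k = substr($0, 1, i - 1); v = substr($0, i + 1)
          gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t\r]+$/, "", v)
          if (v ~ /^\[.*\]$/) print k }
    ' "$1"
}

# Constructed demo: one pre-existing alias plus the two Axis2 aliases from the thread.
demo=$(mktemp -d)
cat > "$demo/cipher-tool.properties" <<'EOF'
Sample.Existing.Password=repository/conf/sample.xml//Sample/Password,false
Axis2.Https.Listener.TrustStore.Password=repository/conf/axis2/axis2.xml//axisconfig/transportReceiver[@name='https']/parameter[@name='truststore']/TrustStore/Password,false
Axis2.Https.Listener.KeyStore.Password=repository/conf/axis2/axis2.xml//axisconfig/transportReceiver[@name='https']/parameter[@name='keystore']/KeyStore/Password,false
EOF
cat > "$demo/cipher-text.properties" <<'EOF'
# constructed values, not real secrets or real ciphertext
Sample.Existing.Password=CONSTRUCTED_CIPHERTEXT_PLACEHOLDER
Axis2.Https.Listener.TrustStore.Password=[constructed-secret]
EOF
echo "missing from cipher-text.properties: $(missing_aliases "$demo/cipher-tool.properties" "$demo/cipher-text.properties")"
echo "still in plaintext brackets: $(pending_aliases "$demo/cipher-text.properties")"
rm -rf "$demo"
```

An alias reported as missing is one the tool was never given a password for; an alias reported as pending still holds its password in clear text on disk until the tool is run.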
