Hi Dilan, On Fri, May 5, 2017 at 7:15 PM, Dilan Udara Ariyaratne <[email protected]> wrote:
> Hi Folks, > > Following conceptions are still there regarding keystores used in WSO2 > products. > > 1. Primary KeyStore must contain only one private key. There can not > be two private keys. (This is due to some issue in WSO2 products which may > be fixed in future). > 2. Primary KeyStore must contain *same* password as KeyStore password > and private key password. (This is due to some issue in WSO2 products which > may be fixed in future) > > Are these conceptions still valid or have these issues been already fixed ? > In WSO2 Carbon there are multiple keystores. I believe the above keystore that you have mentioned is only the Keystore [1] in carbon.xml. In 4.4.x, this keystore is only used for secure vault only. As you have mentioned, in 4.4.x, if secure vault is enabled, then at the server startup, it will ask for a single password which it uses for both the Keystore and private key password. IMO since this is only for secure vault, we can have the same password. In-addition AFAIK we can have multiple private key here. In 4.4.x, the JKS for ssl has been moved to catalina-server.xml. Therefore a separate keystore can be maintained for this. These two configuration are mentioned in [2]. > Thanks. > *Dilan U. Ariyaratne* > Senior Software Engineer > WSO2 Inc. <http://wso2.com/> > Mobile: +94766405580 <%2B94766405580> > lean . enterprise . middleware > > > _______________________________________________ > Dev mailing list > [email protected] > http://wso2.org/cgi-bin/mailman/listinfo/dev > > [1] - <KeyStore> <!-- Keystore file location--> <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location> <!-- Keystore type (JKS/PKCS12 etc.)--> <Type>JKS</Type> <!-- Keystore password--> <Password>wso2carbon</Password> <!-- Private Key alias--> <KeyAlias>wso2carbon</KeyAlias> <!-- Private Key password--> <KeyPassword>wso2carbon</KeyPassword> </KeyStore> [2] - https://docs.wso2.com/display/ADMIN44x/Configuring+Keystores+in+WSO2+Products Regards, Nira -- *Niranjan Karunanandham* Associate Technical Lead - WSO2 Inc. WSO2 Inc.: http://www.wso2.com
_______________________________________________ Dev mailing list [email protected] http://wso2.org/cgi-bin/mailman/listinfo/dev
