Hi Dilan,

On Fri, May 5, 2017 at 7:15 PM, Dilan Udara Ariyaratne <[email protected]>
wrote:

> Hi Folks,
>
> Following conceptions are still there regarding keystores used in WSO2
> products.
>
>    1. Primary KeyStore must contain only one private key. There can not
>    be two private keys. (This is due to some issue in WSO2 products which may
>    be fixed in future).
>    2. Primary KeyStore must contain *same* password as KeyStore password
>    and private key password. (This is due to some issue in WSO2 products which
>    may be fixed in future)
>
> Are these conceptions still valid or have these issues been already fixed ?
>

In WSO2 Carbon there are multiple keystores. I believe the above keystore
that you have mentioned is only the Keystore [1] in carbon.xml. In 4.4.x,
this keystore is only used for secure vault only. As you have mentioned, in
4.4.x, if secure vault is enabled, then at the server startup, it will ask
for a single password which it uses for both the Keystore and private key
password. IMO since this is only for secure vault, we can have the same
password. In-addition AFAIK we can have multiple private key here. In
4.4.x, the JKS for ssl has been moved to catalina-server.xml. Therefore a
separate keystore can be maintained for this. These two configuration are
mentioned in [2].



> Thanks.
> *Dilan U. Ariyaratne*
> Senior Software Engineer
> WSO2 Inc. <http://wso2.com/>
> Mobile: +94766405580 <%2B94766405580>
> lean . enterprise . middleware
>
>
> _______________________________________________
> Dev mailing list
> [email protected]
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>
[1] -
        <KeyStore>
            <!-- Keystore file location-->

<Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
            <!-- Keystore type (JKS/PKCS12 etc.)-->
            <Type>JKS</Type>
            <!-- Keystore password-->
            <Password>wso2carbon</Password>
            <!-- Private Key alias-->
            <KeyAlias>wso2carbon</KeyAlias>
            <!-- Private Key password-->
            <KeyPassword>wso2carbon</KeyPassword>
        </KeyStore>

[2] -
https://docs.wso2.com/display/ADMIN44x/Configuring+Keystores+in+WSO2+Products

Regards,
Nira

-- 


*Niranjan Karunanandham*
Associate Technical Lead - WSO2 Inc.
WSO2 Inc.: http://www.wso2.com
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev

Reply via email to