Hi Niranjan,

On Mon, May 22, 2017 at 2:48 PM, Niranjan Karunanandham <[email protected]> wrote:

> Hi Dilan,
>
> On Fri, May 5, 2017 at 7:15 PM, Dilan Udara Ariyaratne <[email protected]> wrote:
>
>> Hi Folks,
>>
>> Following conceptions are still there regarding keystores used in WSO2
>> products.
>>
>> 1. Primary KeyStore must contain only one private key. There cannot
>>    be two private keys. (This is due to some issue in WSO2 products which
>>    may be fixed in future).
>> 2. Primary KeyStore must contain *same* password as KeyStore password
>>    and private key password. (This is due to some issue in WSO2 products
>>    which may be fixed in future)
>>
>> Are these conceptions still valid or have these issues been already fixed?
>>
>
> In WSO2 Carbon there are multiple keystores. I believe the above keystore
> that you have mentioned is only the Keystore [1] in carbon.xml. In 4.4.x,
> this keystore is only used for secure vault only.
>

Aren't those secure vault configurations for keystores configured in secret-conf.properties?

> As you have mentioned, in 4.4.x, if secure vault is enabled, then at the
> server startup, it will ask for a single password which it uses for both
> the Keystore and private key password.
>

In https://docs.wso2.com/display/ADMIN44x/Using+Asymmetric+Encryption, it says that "You must have the same password for both keystore and private key due to a Tomcat limitation" and therefore, it seems not because of secure vault.

> IMO since this is only for secure vault, we can have the same password.
> In addition, AFAIK we can have multiple private keys here. In 4.4.x, the JKS
> for ssl has been moved to catalina-server.xml. Therefore a separate
> keystore can be maintained for this. These two configurations are mentioned
> in [2].
>
>> Thanks.
>> *Dilan U. Ariyaratne*
>> Senior Software Engineer
>> WSO2 Inc. <http://wso2.com/>
>> Mobile: +94766405580
>> lean . enterprise . middleware
>>
>> _______________________________________________
>> Dev mailing list
>> [email protected]
>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>
> [1] -
> <KeyStore>
>     <!-- Keystore file location-->
>     <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
>     <!-- Keystore type (JKS/PKCS12 etc.)-->
>     <Type>JKS</Type>
>     <!-- Keystore password-->
>     <Password>wso2carbon</Password>
>     <!-- Private Key alias-->
>     <KeyAlias>wso2carbon</KeyAlias>
>     <!-- Private Key password-->
>     <KeyPassword>wso2carbon</KeyPassword>
> </KeyStore>
>
> [2] - https://docs.wso2.com/display/ADMIN44x/Configuring+Keystores+in+WSO2+Products
>
> Regards,
> Nira
>
> --
>
> *Niranjan Karunanandham*
> Associate Technical Lead - WSO2 Inc.
> WSO2 Inc.: http://www.wso2.com
