And also there is a concept called encrypting registry data. Is this feature supported in Carbon 4.4.x and if "YES", is this done via the keystore configured in carbon.xml? I could not find proper documentation for this.

Thanks,
Dilan.

*Dilan U. Ariyaratne*
Senior Software Engineer
WSO2 Inc. <http://wso2.com/>
Mobile: +94766405580
lean . enterprise . middleware

On Mon, May 22, 2017 at 5:11 PM, Dilan Udara Ariyaratne <[email protected]> wrote:

> Hi Niranjan,
>
> On Mon, May 22, 2017 at 2:48 PM, Niranjan Karunanandham <[email protected]> wrote:
>
>> Hi Dilan,
>>
>> On Fri, May 5, 2017 at 7:15 PM, Dilan Udara Ariyaratne <[email protected]> wrote:
>>
>>> Hi Folks,
>>>
>>> Following conceptions are still there regarding keystores used in WSO2
>>> products.
>>>
>>> 1. Primary KeyStore must contain only one private key. There cannot
>>>    be two private keys. (This is due to some issue in WSO2 products which
>>>    may be fixed in future).
>>> 2. Primary KeyStore must contain the *same* password as KeyStore
>>>    password and private key password. (This is due to some issue in WSO2
>>>    products which may be fixed in future)
>>>
>>> Are these conceptions still valid or have these issues been already
>>> fixed?
>>
>> In WSO2 Carbon there are multiple keystores. I believe the above keystore
>> that you have mentioned is only the Keystore [1] in carbon.xml. In 4.4.x,
>> this keystore is only used for secure vault.
>
> Aren't those secure vault configurations for keystores configured in
> secret-conf.properties?
>
>> As you have mentioned, in 4.4.x, if secure vault is enabled, then at the
>> server startup, it will ask for a single password which it uses for both
>> the Keystore and private key password.
>
> In https://docs.wso2.com/display/ADMIN44x/Using+Asymmetric+Encryption, it
> says that "You must have the same password for both keystore and private
> key due to a Tomcat limitation"
> and therefore, it seems not because of secure vault.
>
>> IMO since this is only for secure vault, we can have the same password.
>> In addition, AFAIK we can have multiple private keys here. In 4.4.x, the JKS
>> for SSL has been moved to catalina-server.xml. Therefore a separate
>> keystore can be maintained for this. These two configurations are mentioned
>> in [2].
>>
>>> Thanks.
>>> *Dilan U. Ariyaratne*
>>> Senior Software Engineer
>>> WSO2 Inc. <http://wso2.com/>
>>> Mobile: +94766405580
>>> lean . enterprise . middleware
>>>
>>> _______________________________________________
>>> Dev mailing list
>>> [email protected]
>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>
>> [1] -
>> <KeyStore>
>>     <!-- Keystore file location-->
>>     <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
>>     <!-- Keystore type (JKS/PKCS12 etc.)-->
>>     <Type>JKS</Type>
>>     <!-- Keystore password-->
>>     <Password>wso2carbon</Password>
>>     <!-- Private Key alias-->
>>     <KeyAlias>wso2carbon</KeyAlias>
>>     <!-- Private Key password-->
>>     <KeyPassword>wso2carbon</KeyPassword>
>> </KeyStore>
>>
>> [2] - https://docs.wso2.com/display/ADMIN44x/Configuring+Keystores+in+WSO2+Products
>>
>> Regards,
>> Nira
>>
>> --
>>
>> *Niranjan Karunanandham*
>> Associate Technical Lead - WSO2 Inc.
>> WSO2 Inc.: http://www.wso2.com
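
An added example, not part of the thread and not WSO2 code: a small Python audit of the `<KeyStore>` block quoted in [1]. It reports missing fields, a keystore/private-key password mismatch (the constraint quoted above from the Using Asymmetric Encryption page), and passwords left at the value shown in the snippet. The `<Server><Security>` wrapper, the namespace URI and the finding labels are assumptions made for the example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the <KeyStore> block quoted in [1], wrapped in an
# assumed <Server><Security> parent with an assumed namespace.
SAMPLE_CARBON_XML = """\
<Server xmlns="http://wso2.org/projects/carbon/carbon.xml">
  <Security><KeyStore>
    <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
    <Type>JKS</Type>
    <Password>wso2carbon</Password>
    <KeyAlias>wso2carbon</KeyAlias>
    <KeyPassword>wso2carbon</KeyPassword>
  </KeyStore></Security>
</Server>
"""
SAMPLE_VALUE = "wso2carbon"  # password value shown in the quoted snippet

def local(tag):
    """Strip an XML namespace so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def read_keystore(xml_text):
    """Return the child elements of the first <KeyStore> as a dict."""
    root = ET.fromstring(xml_text)
    for elem in root.iter():
        if local(elem.tag) == "KeyStore":
            return {local(c.tag): (c.text or "").strip() for c in elem}
    raise ValueError("no <KeyStore> element found")

def audit_keystore(xml_text):
    """List findings (hypothetical labels) for the keystore block."""
    ks = read_keystore(xml_text)
    findings = []
    for field in ("Location", "Type", "Password", "KeyAlias", "KeyPassword"):
        if not ks.get(field):
            findings.append(f"missing:{field}")
    pw, key_pw = ks.get("Password"), ks.get("KeyPassword")
    if pw and key_pw and pw != key_pw:
        # Constraint quoted in the thread: both passwords must be the same.
        findings.append("password-mismatch")
    for field in ("Password", "KeyPassword"):
        if ks.get(field) == SAMPLE_VALUE:
            findings.append(f"sample-password:{field}")
    return findings

if __name__ == "__main__":
    for finding in audit_keystore(SAMPLE_CARBON_XML):
        print(finding)
```
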
