Hi Dilan,

On Mon, May 22, 2017 at 5:27 PM, Dilan Udara Ariyaratne <dil...@wso2.com>
wrote:

> And also there is a concept called encrypting registry data.
> Is this feature supported in carbon 4.4.x and if "YES", is this done via
> the keystore configured in carbon.xml ? I could not find proper
> documentation for this.
>
Can you explain this, please? Are you referring to data being
encrypted when added to the registry from the UI, say a password field? If so,
then this uses the secure vault.


> Thanks,
> Dilan.
>
>
> *Dilan U. Ariyaratne*
> Senior Software Engineer
> WSO2 Inc. <http://wso2.com/>
> Mobile: +94766405580 <%2B94766405580>
> lean . enterprise . middleware
>
>
> On Mon, May 22, 2017 at 5:11 PM, Dilan Udara Ariyaratne <dil...@wso2.com>
> wrote:
>
>> Hi Niranjan,
>>
>> On Mon, May 22, 2017 at 2:48 PM, Niranjan Karunanandham <
>> niran...@wso2.com> wrote:
>>
>>> Hi Dilan,
>>>
>>> On Fri, May 5, 2017 at 7:15 PM, Dilan Udara Ariyaratne <dil...@wso2.com>
>>> wrote:
>>>
>>>> Hi Folks,
>>>>
>>>> The following conceptions are still there regarding keystores used in WSO2
>>>> products.
>>>>
>>>>    1. Primary KeyStore must contain only one private key. There
>>>>    cannot be two private keys. (This is due to some issue in WSO2 products
>>>>    which may be fixed in future).
>>>>    2. Primary KeyStore must contain *same* password as KeyStore
>>>>    password and private key password. (This is due to some issue in WSO2
>>>>    products which may be fixed in future)
>>>>
>>>> Are these conceptions still valid or have these issues been already
>>>> fixed ?
>>>>
>>>
>>> In WSO2 Carbon there are multiple keystores. I believe the above
>>> keystore that you have mentioned is only the Keystore [1] in carbon.xml. In
>>> 4.4.x, this keystore is used only for secure vault.
>>>
>>
>> Aren't those secure vault configurations for keystores configured in
>> secret-conf.properties?
>>
>>> As you have mentioned, in 4.4.x, if secure vault is enabled, then at the
>>> server startup, it will ask for a single password which it uses for both
>>> the Keystore and private key password.
>>>
>>
>> In https://docs.wso2.com/display/ADMIN44x/Using+Asymmetric+Encryption,
>> it says that "You must have the same password for both keystore and
>> private key due to a Tomcat limitation"
>> and therefore, it seems not because of secure vault.
>>
>>
>>> IMO since this is only for secure vault, we can have the same password.
>>> In addition, AFAIK we can have multiple private keys here. In 4.4.x, the JKS
>>> for SSL has been moved to catalina-server.xml. Therefore a separate
>>> keystore can be maintained for this. These two configurations are mentioned
>>> in [2].
>>>
>>>> Thanks.
>>>> *Dilan U. Ariyaratne*
>>>> Senior Software Engineer
>>>> WSO2 Inc. <http://wso2.com/>
>>>> Mobile: +94766405580 <%2B94766405580>
>>>> lean . enterprise . middleware
>>>>
>>>>
>>>> _______________________________________________
>>>> Dev mailing list
>>>> Dev@wso2.org
>>>> http://wso2.org/cgi-bin/mailman/listinfo/dev
>>>>
>>>>
>>> [1] -
>>>         <KeyStore>
>>>             <!-- Keystore file location-->
>>>             <Location>${carbon.home}/repository/resources/security/wso2carbon.jks</Location>
>>>             <!-- Keystore type (JKS/PKCS12 etc.)-->
>>>             <Type>JKS</Type>
>>>             <!-- Keystore password-->
>>>             <Password>wso2carbon</Password>
>>>             <!-- Private Key alias-->
>>>             <KeyAlias>wso2carbon</KeyAlias>
>>>             <!-- Private Key password-->
>>>             <KeyPassword>wso2carbon</KeyPassword>
>>>         </KeyStore>
>>>
>>> [2] - https://docs.wso2.com/display/ADMIN44x/Configuring+Keystores+in+WSO2+Products
>>>
>>> Regards,
>>> Nira
>>>
>>> --
>>>
>>>
>>> *Niranjan Karunanandham*
>>> Associate Technical Lead - WSO2 Inc.
>>> WSO2 Inc.: http://www.wso2.com
>>>
>>>
>>
>


-- 


*Niranjan Karunanandham*
Associate Technical Lead - WSO2 Inc.
WSO2 Inc.: http://www.wso2.com
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
