Posted to issues@ignite.apache.org by "Ilya Kasnacheev (JIRA)" <ji...@apache.org> on 2019/01/14 10:21:00 UTC
[jira] [Commented] (IGNITE-10911) Need to enforce truststore key when control utility connect to cluster with SSL enabled
[ https://issues.apache.org/jira/browse/IGNITE-10911?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16741916#comment-16741916 ]
Ilya Kasnacheev commented on IGNITE-10911:
------------------------------------------
"Default trust store" is a feature (and not an overlook/unspecified behavior) so its removal has to be justified.
Let's introduce --ssl-untrusted to be able to turn this mode on explicitly.
> Need to enforce truststore key when control utility connect to cluster with SSL enabled
> ---------------------------------------------------------------------------------------
>
> Key: IGNITE-10911
> URL: https://issues.apache.org/jira/browse/IGNITE-10911
> Project: Ignite
> Issue Type: Bug
> Affects Versions: 2.5
> Reporter: ARomantsov
> Priority: Major
> Fix For: 2.8
>
>
> I use the next setting in my app
> {code:java}
> <property name="clientConnectorConfiguration">
>     <bean class="org.apache.ignite.configuration.ClientConnectorConfiguration">
>         <property name="sslEnabled" value="true"/>
>         <property name="sslClientAuth" value="true"/>
>         <property name="sslContextFactory">
>             <bean class="org.apache.ignite.ssl.SslContextFactory">
>                 <property name="keyStoreFilePath" value="${TEST_DIR}/server.jks"/>
>                 <property name="keyStorePassword" value="*"/>
>                 <property name="trustStoreFilePath" value="${TEST_DIR}/trust.jks"/>
>                 <property name="trustStorePassword" value="*"/>
>             </bean>
>         </property>
>     </bean>
> </property>
> <property name="sslContextFactory">
>     <bean class="org.apache.ignite.ssl.SslContextFactory">
>         <property name="keyStoreFilePath" value="${TEST_DIR}/server.jks"/>
>         <property name="keyStorePassword" value="*"/>
>         <property name="trustStoreFilePath" value="${TEST_DIR}/trust.jks"/>
>         <property name="trustStorePassword" value="*"/>
>     </bean>
> </property>
> <!-- Enable SSL for external connect -->
> <property name="connectorConfiguration">
>     <bean class="org.apache.ignite.configuration.ConnectorConfiguration">
>         <property name="sslEnabled" value="true"/>
>         <property name="sslClientAuth" value="true"/>
>     </bean>
> </property>
> {code}
> And I can get the result of the command - control.bat --baseline --keystore ..\server.jks --keystore-password * without setting up a truststore
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)