You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ignite.apache.org by "Ilya Kasnacheev (JIRA)" <ji...@apache.org> on 2018/03/20 08:44:00 UTC
[jira] [Created] (IGNITE-7997) Ability to use different SSL trust
store password and private key password
Ilya Kasnacheev created IGNITE-7997:
---------------------------------------
Summary: Ability to use different SSL trust store password and private key password
Key: IGNITE-7997
URL: https://issues.apache.org/jira/browse/IGNITE-7997
Project: Ignite
Issue Type: Improvement
Components: security
Affects Versions: 2.4
Reporter: Ilya Kasnacheev
Currently, the same keyStorePwd is used for both trust store and private keys. For a while it is a usable approach. But sometimes these passwords are distinct and this should be supported by SslContextFactory. Tomcat [faced the same issue|https://stackoverflow.com/questions/15967650/caused-by-java-security-unrecoverablekeyexception-cannot-recover-key] and they eventually fixed it.
{code}
KeyStore keyStore = loadKeyStore(keyStoreType, keyStoreFilePath, keyStorePwd);
keyMgrFactory.init(keyStore, keyStorePwd);
{code}
Suggested config format:
{code}
<bean class="org.apache.ignite.ssl.SslContextFactory">
<property name="keyStoreFilePath" value="keystore/server.jks"/>
<property name="keyStorePassword" value="123456"/>
<property name="privateKeyPassword" value="234567"/>
<property name="trustStoreFilePath" value="keystore/trust.jks"/>
<property name="trustStorePassword" value="345678"/>
</bean>
{code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)