Ilya Kasnacheev created IGNITE-7997:
---------------------------------------
Summary: Ability to use different SSL trust store password and private key password
Key: IGNITE-7997
URL:
https://issues.apache.org/jira/browse/IGNITE-7997 Project: Ignite
Issue Type: Improvement
Components: security
Affects Versions: 2.4
Reporter: Ilya Kasnacheev
Currently, the same keyStorePwd is used for both trust store and private keys. For a while it is a usable approach. But sometimes these passwords are distinct and this should be supported by SslContextFactory. Tomcat [faced the same issue|
https://stackoverflow.com/questions/15967650/caused-by-java-security-unrecoverablekeyexception-cannot-recover-key] and they eventually fixed it.
{code}
KeyStore keyStore = loadKeyStore(keyStoreType, keyStoreFilePath, keyStorePwd);
keyMgrFactory.init(keyStore, keyStorePwd);
{code}
Suggested config format:
{code}
<bean class="org.apache.ignite.ssl.SslContextFactory">
<property name="keyStoreFilePath" value="keystore/server.jks"/>
<property name="keyStorePassword" value="123456"/>
<property name="privateKeyPassword" value="234567"/>
<property name="trustStoreFilePath" value="keystore/trust.jks"/>
<property name="trustStorePassword" value="345678"/>
</bean>
{code}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
Locked
