[jboss-jira] [JBoss JIRA] (WFCORE-3133) [Migration operation] [Web to Undertow] truststore - keystore-password does it really needs to be mandatory?

Jiri Ondrusek (JIRA) issues at jboss.org
Wed Aug 2 02:38:00 EDT 2017 

     [ https://issues.jboss.org/browse/WFCORE-3133?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jiri Ondrusek updated WFCORE-3133:
----------------------------------
    Description: 
In WildFly there is required to set keystore-password for truststore even though at least in case of JKS, it is possible to read public certificates even without providing the password.

Does it really make sense to require it?

In regards to migration operation, wouldn't it make sense in case of undefined {{ca-certificate-password}} to provide the security-realm truststore configuration default value "changeit" instead of failing the whole migrate operation?

Server has to be able to start after such migration -> with empty keystore password.


  was:
In WildFly there is required to set keystore-password for truststore even though at least in case of JKS, it is possible to read public certificates even without providing the password.

Does it really make sense to require it?

In regards to migration operation, wouldn't it make sense in case of undefined {{ca-certificate-password}} to provide the security-realm truststore configuration default value "changeit" instead of failing the whole migrate operation?




> [Migration operation] [Web to Undertow] truststore - keystore-password does it really needs to be mandatory?
> ------------------------------------------------------------------------------------------------------------
>
>                 Key: WFCORE-3133
>                 URL: https://issues.jboss.org/browse/WFCORE-3133
>             Project: WildFly Core
>          Issue Type: Bug
>    Affects Versions: 3.0.0.Beta30
>            Reporter: Jiri Ondrusek
>            Assignee: Jiri Ondrusek
>
> In WildFly there is required to set keystore-password for truststore even though at least in case of JKS, it is possible to read public certificates even without providing the password.
> Does it really make sense to require it?
> In regards to migration operation, wouldn't it make sense in case of undefined {{ca-certificate-password}} to provide the security-realm truststore configuration default value "changeit" instead of failing the whole migrate operation?
> Server has to be able to start after such migration -> with empty keystore password.



--
This message was sent by Atlassian JIRA
(v7.2.3#72005)

More information about the jboss-jira mailing list