[
https://issues.apache.org/jira/browse/SOLR-11678?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16268463#comment-16268463
]
Constantin Bugneac commented on SOLR-11678:
-------------------------------------------
I'm using the official Docker image 6.6.2 without any modifications. I don't edit
or add any files inside the container and pass configuration parameters via
environment variables when spinning up the container. Example of the docker-compose
file which I use to test locally:
---
version: '3.3'
services:
  solr-master:
    image: "solr:6.6"
    container_name: "solr-master"
    environment:
      SOLR_HOME: "/opt/solr/server/solr"
      SOLR_PORT: "8983"
      SOLR_SSL_KEY_STORE: "solr/solr-ssl.keystore.jks"
      SOLR_SSL_KEY_STORE_PASSWORD: "password"
      SOLR_SSL_KEY_STORE_TYPE: "JKS"
      SOLR_SSL_TRUST_STORE: "solr/solr-ssl.keystore.jks"
      SOLR_SSL_TRUST_STORE_PASSWORD: "password"
      SOLR_SSL_TRUST_STORE_TYPE: "JKS"
      SOLR_SSL_NEED_CLIENT_AUTH: "false"
      SOLR_SSL_WANT_CLIENT_AUTH: "false"
      ENABLE_REMOTE_JMX_OPTS: "true"
      RMI_PORT: "18983"
    ports:
      - "8983:8983"
      - "18983:18983"
    volumes:
      - ./solr-master-volume:/opt/solr/server/solr:rw
I don't want to store the JKS file with the server certificate and especially the
private key unprotected (good practice). Does it make sense to you?
Secondly, I find it misleading to have 2 options like SOLR_SSL_KEY_STORE_PASSWORD
and SOLR_SSL_TRUST_STORE_PASSWORD but not being able to use them effectively
because they have to match.
> SSL not working if store and key passwords are different
> --------------------------------------------------------
>
> Key: SOLR-11678
> URL: https://issues.apache.org/jira/browse/SOLR-11678
> Project: Solr
> Issue Type: Bug
> Security Level: Public(Default Security Level. Issues are Public)
> Components: security
> Affects Versions: 6.6.2
> Reporter: Constantin Bugneac
>
> If I specify different passwords for store and key then Solr fails to read
> certificate from JKS file with the below error.
> Example:
> SOLR_SSL_KEY_STORE_PASSWORD: "secret1"
> SOLR_SSL_TRUST_STORE_PASSWORD: "secret2"
> If I set the same password for both - it works just fine.
> Tested with the docker image 6.6.2 available here
> https://hub.docker.com/_/solr/
> I don't know whether this is a Java nuance or a Solr implementation issue but
> from a security point of view there is no point in having the same password
> assigned for both the key store and the private key bound to a specific certificate.
> Expected behaviour: It should allow specifying different passwords.