Hi,

In the Ballerina server connector, both certPassword and keyStorePassword were
there as mandatory fields [1]. In my opinion, it would be better if we can
make certPassword optional if we are sticking with using the same password
for the private key and keystore.
In the carbon transports code, it checks whether there is a certPassword
added and, if not, keyStorePassword is set as the certPassword. In that case,
making certPassword optional on the Ballerina side would be enough.

[1]
https://github.com/ballerinalang/ballerina/blob/master/modules/ballerina-http/src/main/java/org/ballerinalang/net/http/HttpUtil.java#L923

Thanks and Regards
Bhashinee

On Wed, Jan 10, 2018 at 5:49 PM, Pubudu Fernando <pubu...@wso2.com> wrote:

> Yeah, I added 2 certificates with the same password, and a different
> password for the key store and it worked.
>
>
> On Wed, Jan 10, 2018 at 5:07 PM, Afkham Azeez <az...@wso2.com> wrote:
>
>> Yeah, this has been something discussed over and over again over the past
>> many years and everybody has been sticking with using the same password for
>> the private key and keystore.
>>
>>
> Then shall we just leave it as it is (using the same password for both
> store and keys)?
>
> Regards,
> Pubudu
>
> Azeez
>>
>> On Wed, Jan 10, 2018 at 5:03 PM, Prabath Siriwardena <prab...@wso2.com>
>> wrote:
>>
>>> AFAIK that's how it worked - same password for the private key and the
>>> key store..
>>>
>>> But reading your mail, it says..
>>>
>>> "However, if the passwords of all the keys were the same, it worked
>>> correctly. The password of the key store was different from the password(s)
>>> of the keys in both scenarios. "
>>>
>>> Does that mean when you have multiple private keys with the same
>>> password - but a different password for the key store, it worked..?
>>>
>>> Thanks & regards,
>>> -Prabath
>>>
>>> On Wed, Jan 10, 2018 at 3:22 AM, Pubudu Fernando <pubu...@wso2.com>
>>> wrote:
>>>
>>>> Hi All,
>>>>
>>>> We were looking into getting multiple keys with unique passwords in the
>>>> same key store to work (for the HTTP transport [1]). But when the passwords
>>>> were unique to each key, it resulted in an UnrecoverableKeyException.
>>>> However, if the passwords of all the keys were the same, it worked
>>>> correctly. The password of the key store was different from the password(s)
>>>> of the keys in both scenarios.
>>>>
>>>> Checked several Stackoverflow questions related to this [2], [3], [4],
>>>> [5] and pretty much every answer to this was to use the same password for
>>>> both the key store and the key.
>>>>
>>>> Tomcat also seems to follow this approach of keeping the store and key
>>>> passwords the same [6].
>>>>
>>>> Does anyone know whether this can or cannot be done for certain?
>>>>
>>>> If this cannot be done, are we also going to keep following the
>>>> Tomcat's (and others') approach of using the same password for both key
>>>> store and the key?
>>>>
>>>> [1] - https://github.com/wso2/transport-http/blob/master/components/org.wso2.transport.http.netty/src/main/java/org/wso2/transport/http/netty/common/ssl/SSLHandlerFactory.java
>>>>
>>>> [2] - https://stackoverflow.com/questions/35709433/java-keystore-with-multiple-keys-and-different-passwords
>>>>
>>>> [3] - https://stackoverflow.com/questions/15967650/caused-by-java-security-unrecoverablekeyexception-cannot-recover-key?noredirect=1&lq=1
>>>>
>>>> [4] - https://stackoverflow.com/questions/1321557/can-not-get-key-from-keystore
>>>>
>>>> [5] - https://stackoverflow.com/questions/2889238/keystore-change-passwords/2889605
>>>>
>>>> [6] - https://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html#Prepare_the_Certificate_Keystore
>>>>
>>>> Thanks.
>>>>
>>>> --
>>>> Best Regards,
>>>>
>>>> *Pubudu Fernando*
>>>> Software Engineer
>>>> WSO2 (www.wso2.com)
>>>> m: +94 77 888 2543 <077%20888%202543>
>>>>
>>>> <https://lk.linkedin.com/in/pubuduf>  <http://blog.pubudu.xyz/>
>>>> <https://github.com/pubudu91>
>>>> <http://stackoverflow.com/users/4329912/pubudu>
>>>>
>>>>
>>>
>>>
>>> --
>>> Thanks & Regards,
>>> Prabath
>>>
>>> Twitter : @prabath
>>> LinkedIn : http://www.linkedin.com/in/prabathsiriwardena
>>>
>>> Mobile : +1 650 625 7950 <+1%20650-625-7950>
>>>
>>> Blog: http://blog.facilelogin.com
>>> Vlog: http://vlog.facilelogin.com
>>>
>>>
>>>
>>
>>
>> --
>> *Afkham Azeez*
>> Senior Director, Platform Architecture; WSO2, Inc.; http://wso2.com
>> Member; Apache Software Foundation; http://www.apache.org/
>> * <http://www.apache.org/>*
>> *email: **az...@wso2.com* <az...@wso2.com>
>> * cell: +94 77 3320919 <+94%2077%20332%200919>blog: *
>> *http://blog.afkham.org* <http://blog.afkham.org>
>> *twitter: **http://twitter.com/afkham_azeez*
>> <http://twitter.com/afkham_azeez>
>> *linked-in: **http://lk.linkedin.com/in/afkhamazeez
>> <http://lk.linkedin.com/in/afkhamazeez>*
>>
>> *Lean . Enterprise . Middleware*
>>
>
>
>
> --
> Best Regards,
>
> *Pubudu Fernando*
> Software Engineer
> WSO2 (www.wso2.com)
> m: +94 77 888 2543 <+94%2077%20888%202543>
>
> <https://lk.linkedin.com/in/pubuduf>  <http://blog.pubudu.xyz/>
> <https://github.com/pubudu91>
> <http://stackoverflow.com/users/4329912/pubudu>
>
>
> _______________________________________________
> Dev mailing list
> Dev@wso2.org
> http://wso2.org/cgi-bin/mailman/listinfo/dev
>
>


-- 
*Bhashinee Nirmali*
*Software Engineer*
*WSO2 Lanka (Private) Limited: http://wso2.com*
*lean.enterprise.middle-ware*


*phone: (+94) 71 21 50003*
<http://wso2.com/signature>
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
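
An added example, not code from this thread, Ballerina or the WSO2 transport: `KeyManagerFactory.init(KeyStore, char[])` accepts only one key password, so this pre-flight check applies the certPassword fallback described above and lists the key entries that single password cannot recover. The class and method names are hypothetical, and the sample store is constructed in memory with secret-key entries (JCEKS) so that it needs no certificates; the `KeyStore.getKey` probe is the same call for private-key entries.

```java
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.crypto.spec.SecretKeySpec;

public class KeyPasswordPreflight {

    // Fallback discussed in the thread: when no certPassword is configured,
    // the key store password is used as the key password.
    static char[] effectiveKeyPassword(String certPassword, String keyStorePassword) {
        boolean missing = certPassword == null || certPassword.isEmpty();
        return (missing ? keyStorePassword : certPassword).toCharArray();
    }

    // Returns the aliases of key entries that the single key password cannot recover.
    static List<String> unrecoverableAliases(KeyStore ks, char[] keyPassword) throws Exception {
        List<String> failed = new ArrayList<>();
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                continue; // trusted-certificate entries carry no key password
            }
            try {
                Key recovered = ks.getKey(alias, keyPassword);
            } catch (UnrecoverableKeyException e) {
                failed.add(alias); // this entry is protected with a different password
            }
        }
        return failed;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: two key entries, each with its own password.
        KeyStore ks = KeyStore.getInstance("JCEKS");
        ks.load(null, null);
        SecretKeySpec dummy = new SecretKeySpec(new byte[16], "AES");
        ks.setKeyEntry("svc-a", dummy, "keypass-a".toCharArray(), null);
        ks.setKeyEntry("svc-b", dummy, "keypass-b".toCharArray(), null);

        // certPassword set: only the entry protected with another password is reported.
        System.out.println(unrecoverableAliases(ks, effectiveKeyPassword("keypass-a", "storepass")));
        // certPassword omitted: the store password is tried and matches neither entry.
        System.out.println(unrecoverableAliases(ks, effectiveKeyPassword(null, "storepass")));
    }
}
```

Running the same probe against a real key store at startup names the mismatched alias up front instead of leaving it to surface as an `UnrecoverableKeyException` during TLS setup.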
