[jira] [Work logged] (ARTEMIS-4528) TLS support PEM format for key and trust store type

Thu, 07 Dec 2023 08:47:04 -0800 


     [ 
https://issues.apache.org/jira/browse/ARTEMIS-4528?focusedWorklogId=894556&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-894556
 ]

ASF GitHub Bot logged work on ARTEMIS-4528:
-------------------------------------------

                Author: ASF GitHub Bot
            Created on: 07/Dec/23 16:46
            Start Date: 07/Dec/23 16:46
    Worklog Time Spent: 10m 
      Work Description: gtully commented on PR #4706:
URL: 
https://github.com/apache/activemq-artemis/pull/4706#issuecomment-1845684962

   > > This looks great overall, but I have one question. Why did so many 
(seemingly) unrelated SSL resources change (e.g. keystores, truststores, etc.)?
   > 
   > My guess was the changes in the security resources 'build.sh' to create 
the needed certs resulted in a rerun of the script which updated all the 
certificates it creates.
   
   yep, and when I try to export the existing certs, the seem to have legacy 
formats, so the regen is actually no harm.
   
   openssl pkcs12 -in server-keystore.p12 -out server-key-cert.pem -nodes 
-password pass:$STORE_PASS
   Error outputting keys and certificates
   009E2FF3407F0000:error:0308010C:digital envelope 
routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:373:Global 
default library context, Algorithm (RC2-40-CBC : 0), Properties ()




Issue Time Tracking
-------------------

    Worklog Id:     (was: 894556)
    Time Spent: 1h 10m  (was: 1h)

> TLS support PEM format for key and trust store type
> ---------------------------------------------------
>
>                 Key: ARTEMIS-4528
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-4528
>             Project: ActiveMQ Artemis
>          Issue Type: Improvement
>          Components: Configuration
>    Affects Versions: 2.31.0
>            Reporter: Gary Tully
>            Assignee: Gary Tully
>            Priority: Major
>             Fix For: 2.32.0
>
>          Time Spent: 1h 10m
>  Remaining Estimate: 0h
>
> managing key and trust store passwords when the credentials are securely 
> stored or managed by other means is a nuisance.
> there is a nice PEM keystore provider at: 
> [https://github.com/ctron/pem-keystore]
> This gives us an intuitive way to easily reference a simple cert or key 
> without a password as is the case with jsk or pkcs12
> <acceptor 
> name="netty-ssl-acceptor">tcp://localhost:5500?sslEnabled=true;keyStorePath=server-keystore.pem;keyStoreType=PEM</acceptor>
>  



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to