[ https://issues.apache.org/jira/browse/ARTEMIS-4528?focusedWorklogId=894556&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-894556 ]
ASF GitHub Bot logged work on ARTEMIS-4528: ------------------------------------------- Author: ASF GitHub Bot Created on: 07/Dec/23 16:46 Start Date: 07/Dec/23 16:46 Worklog Time Spent: 10m Work Description: gtully commented on PR #4706: URL: https://github.com/apache/activemq-artemis/pull/4706#issuecomment-1845684962 > > This looks great overall, but I have one question. Why did so many (seemingly) unrelated SSL resources change (e.g. keystores, truststores, etc.)? > > My guess was the changes in the security resources 'build.sh' to create the needed certs resulted in a rerun of the script which updated all the certificates it creates. yep, and when I try to export the existing certs, the seem to have legacy formats, so the regen is actually no harm. openssl pkcs12 -in server-keystore.p12 -out server-key-cert.pem -nodes -password pass:$STORE_PASS Error outputting keys and certificates 009E2FF3407F0000:error:0308010C:digital envelope routines:inner_evp_generic_fetch:unsupported:crypto/evp/evp_fetch.c:373:Global default library context, Algorithm (RC2-40-CBC : 0), Properties () Issue Time Tracking ------------------- Worklog Id: (was: 894556) Time Spent: 1h 10m (was: 1h) > TLS support PEM format for key and trust store type > --------------------------------------------------- > > Key: ARTEMIS-4528 > URL: https://issues.apache.org/jira/browse/ARTEMIS-4528 > Project: ActiveMQ Artemis > Issue Type: Improvement > Components: Configuration > Affects Versions: 2.31.0 > Reporter: Gary Tully > Assignee: Gary Tully > Priority: Major > Fix For: 2.32.0 > > Time Spent: 1h 10m > Remaining Estimate: 0h > > managing key and trust store passwords when the credentials are securely > stored or managed by other means is a nuisance. > there is a nice PEM keystore provider at: > [https://github.com/ctron/pem-keystore] > This gives us an intuitive way to easily reference a simple cert or key > without a password as is the case with jsk or pkcs12 > <acceptor > name="netty-ssl-acceptor">tcp://localhost:5500?sslEnabled=true;keyStorePath=server-keystore.pem;keyStoreType=PEM</acceptor> > -- This message was sent by Atlassian Jira (v8.20.10#820010)