Bug Report: keystore/truststore JVM Option might not be fully implemented /FISH-7793 #6351

Open
docktordreh opened this issue Aug 2, 2023 · 1 comment
Labels: Status: Accepted (Confirmed defect or accepted improvement to implement, issue has been escalated to Platform Dev); Type: Bug (Label issue as a bug defect)

Comments

@docktordreh

Brief Summary

I have tested the JVM Options javax.net.ssl.keyStore, javax.net.ssl.trustStore to use a centralized keystore for multiple domains. This feature is interesting because the app uses certificates from the truststore, keys from the keystore, to sign/encrypt messages.

In the app, I changed it so that every access to the keystore/truststore will be made by using the specified path in the jvm options.

To test my app, I removed the default keystore and truststore.

Expected Outcome

The payara domain works without the default keystore/truststore if the option specifying a different location is set.
It does not ask for a masterpassword.

Current Outcome

The payara domain fails to start, asking for a masterpassword.
Even when explicitly setting the password beforehand, the masterpassword doesn't work.

To my understanding, the masterpassword is also the password securing the keystore/truststore. My thinking is that it tries to decrypt the default key/truststore, which don't exist, and therefore it fails.

Reproducer

  • create payara domain
  • create a copy of the domain's keystore and truststore, and point the jvm options javax.net.ssl.keyStore and javax.net.ssl.trustStore to the corresponding location (in which payara has permissions to read/write)
  • optional: set a masterpassword (asadmin change-master-password)
  • up until now, everything works fine
  • remove default keystore, truststore
  • stop domain and start it again
  • on start, it asks for a masterpassword

Operating System

Ubuntu Server 20.04

JDK Version

OpenJDK 1.8.0_262-b10

Payara Distribution

Payara Server Full Profile
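
A stand-alone check, added here and not part of the issue or of Payara's code, that the stores named by the `javax.net.ssl.keyStore` and `javax.net.ssl.trustStore` options actually open with a given password and that each private key unlocks with that same password. It helps separate a damaged copy or a password mismatch from the startup behaviour reported above; the class name `StoreCheck` is hypothetical, and the password to try is whatever the operator believes protects the copied stores.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;

// Added diagnostic (hypothetical class name), written to compile on JDK 8.
public class StoreCheck {

    // Loads the store named by pathProp; returns its entry count, or -1 on failure.
    static int check(String pathProp, String typeProp, char[] password) {
        String path = System.getProperty(pathProp);
        if (path == null) {
            System.out.println(pathProp + " is not set");
            return -1;
        }
        String type = System.getProperty(typeProp, KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            KeyStore ks = KeyStore.getInstance(type);
            ks.load(in, password); // fails on a wrong password or a corrupt file
            int keyEntries = 0;
            for (String alias : Collections.list(ks.aliases())) {
                if (ks.isKeyEntry(alias)) {
                    ks.getKey(alias, password); // key password must match as well
                    keyEntries++;
                }
            }
            System.out.printf("%s=%s type=%s entries=%d keyEntries=%d%n",
                    pathProp, path, type, ks.size(), keyEntries);
            return ks.size();
        } catch (Exception e) {
            System.out.printf("%s=%s FAILED: %s%n", pathProp, path, e);
            return -1;
        }
    }

    public static void main(String[] args) {
        Console console = System.console();
        if (console == null) {
            System.err.println("Run from an interactive terminal to enter the password");
            System.exit(2);
        }
        char[] pw = console.readPassword("Store password: ");
        int k = check("javax.net.ssl.keyStore", "javax.net.ssl.keyStoreType", pw);
        int t = check("javax.net.ssl.trustStore", "javax.net.ssl.trustStoreType", pw);
        java.util.Arrays.fill(pw, '\0'); // do not leave the password in memory
        System.exit(k >= 0 && t >= 0 ? 0 : 1);
    }
}
```

Run it with the same `-Djavax.net.ssl.keyStore=...` and `-Djavax.net.ssl.trustStore=...` values that were given to the domain, as the same OS user that runs the server, so file permissions are exercised too.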

@docktordreh docktordreh added Status: Open Issue has been triaged by the front-line engineers and is being worked on verification Type: Bug Label issue as a bug defect labels Aug 2, 2023
@kalinchan
Member

Hi @docktordreh,

It is uncertain whether or not this use case is supported. I have raised an investigation under FISH-7793 and we will proceed from there.

@fturizo fturizo changed the title Bug Report: keystore/truststore JVM Option might not be fully implemented Bug Report: keystore/truststore JVM Option might not be fully implemented /FISH-7793 Oct 4, 2023
@fturizo fturizo added Status: Accepted Confirmed defect or accepted improvement to implement, issue has been escalated to Platform Dev and removed Status: Open Issue has been triaged by the front-line engineers and is being worked on verification labels Oct 4, 2023
@fturizo fturizo assigned artur-mal and unassigned kalinchan Oct 4, 2023