-
1. Re: How to secure ssl keystore password
erasmomarciano Oct 24, 2012 9:35 AM (in response to yjma2001)You check here
https://community.jboss.org/wiki/CREATEDATASOURCEENCRYPTAS7WithVAULT
In following link you will find an example for datasasource.
You can follow everything except 2) In datasources tag
-
2. Re: How to secure ssl keystore password
yjma2001 Oct 24, 2012 2:33 PM (in response to erasmomarciano)Thanks for response. I knew we could use VAULT to secure the ssl keysore password. But my question was besides VAULT, does Jboss provide other way such as using JAAS custom login module as a security domain to encrypt the keystore password? In this way, I could encrypt the keystore passwork by using my own cryto library.
Thanks
Jack
-
3. Re: How to secure ssl keystore password
ctomc Oct 24, 2012 2:42 PM (in response to yjma2001)You can write custom login module
read more about that:
https://community.jboss.org/wiki/JBossAS7SecurityCustomLoginModules
http://theholyjava.wordpress.com/2012/06/21/creating-custom-login-modules-in-jboss-as-7-and-earlier/
http://middlewaremagic.com/jboss/?p=2193
--
tomaz
-
4. Re: How to secure ssl keystore password
yjma2001 Oct 24, 2012 2:54 PM (in response to ctomc)Thanks Tomaz.
Yes, we could write our own JAAS login module like the links described. But how could we use this login module to secure the ssl keystore password defined at ssl section?
<connector name="https" protocol="HTTP/1.1" scheme="https" socket-binding="https" secure="true"> <ssl name="dvs-ssl" key-alias="test" password="secret" certificate-key-file="C:\\test.keystore" protocol="TLSv1" verify-client="false"/> </connector> We do not want to use VAULT. We like to use our own crypto libratry to do the decryption in the JAAS login module.
Thanks
Jack