2 Replies Latest reply on Apr 22, 2014 12:06 PM by amckeown

    Using JSSE and Encrypting JKS passwords

    amckeown

      I'm using the JSSE SSL implementation on WLS with custom trust and identity keystores. At the moment the setDomain.env has the JKS trust store password as plain text (see the snip below) within the arguments, as javax.net.ssl needs to be used. Normally you wouldn't need to express it within the setDomain.env under the Certicom SSL implementation.

      Same old problem: if someone is running ps -aux they can see the password, as it's in plain text.

      http://stackoverflow.com/questions/17815289/hide-jks-keystore-truststore-password-when-running-java-process

       

      It's mentioned in the above that you can mask off your process from people running ps -aux as well.

      Snip/

       

      ESB_APW_Server)

      . ${DOMAIN_HOME}/pepper-config/env/esb-mock-srvc-prop.sh

      . ${DOMAIN_HOME}/pepper-config/env/esb-env-properties.sh

      EXTRA_JAVA_PROPERTIES="-DUseSunHttpHandler=true -Xms1500m -Xmx1500m -Djava.util.logging.config.file=${DOMAIN_HOME}/pepper-config/properties/esb_jutill_logging.properties -Desb.log4j.service.config=${DOMAIN_HOME}/pepper-config/properties/esb-logging.xml -Djavax.net.ssl.trustStoreType=JKS -Djavax.net.ssl.trustStore=/apps_01/webapps/keystores/truststore/cacerts -Djavax.net.ssl.trustStorePassword=changeit -Djavax.net.ssl.keyStoreType=JKS -Djavax.net.ssl.keyStore=/apps_data_01/security/keystores/42122-esb-apw-int/keystore/42122-esb-apw.jks -Djavax.net.ssl.keyStorePassword=${password} ${EXTRA_JAVA_PROPERTIES}"

       

      Is there a method (or methods) of making it encrypted? Or do we need to make the application use a file?
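
An added example, not part of the original post: a shell check that finds the JSSE password properties from the snip in a start script or in `ps` output and reports them without echoing the values. The function names and the sample line are constructed for illustration; a `${password}` reference is reported as `variable` because the shell still expands it into the JVM arguments.

```shell
#!/bin/sh
# Constructed sample modelled on the EXTRA_JAVA_PROPERTIES line in the post
# (paths are placeholders, not the poster's real ones).
SAMPLE_ENV='EXTRA_JAVA_PROPERTIES="-Xms1500m -Djavax.net.ssl.trustStore=/path/to/cacerts -Djavax.net.ssl.trustStorePassword=changeit -Djavax.net.ssl.keyStore=/path/to/identity.jks -Djavax.net.ssl.keyStorePassword=${password}"'

# audit_jsse_passwords: read script text or ps output on stdin and print one
# line per JSSE password property as "<property> <kind>". The value itself is
# never printed, so the report is safe to log.
#   literal  = password written into the text as-is
#   variable = shell variable reference; hidden in the script, but still
#              expanded into the JVM arguments and so visible to ps
#   empty    = property present with no value
audit_jsse_passwords() {
    grep -oE -- '-Djavax\.net\.ssl\.(trust|key)StorePassword=[^[:space:]"]*' |
    while IFS= read -r arg; do
        prop=${arg%%=*}      # drop everything from the first '='
        prop=${prop#-D}      # drop the leading -D
        value=${arg#*=}
        case $value in
            '')    kind=empty ;;
            *'$'*) kind=variable ;;
            *)     kind=literal ;;
        esac
        printf '%s %s\n' "$prop" "$kind"
    done
}

# audit_running_jvms: apply the same check to live process arguments,
# prefixing each finding with the owning PID.
audit_running_jvms() {
    ps -eo pid=,args= | while read -r pid args; do
        printf '%s\n' "$args" | audit_jsse_passwords | sed "s/^/pid $pid: /"
    done
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_ENV" | audit_jsse_passwords
```

Pipe a domain start script into `audit_jsse_passwords` to review it, or call `audit_running_jvms` on the host to see which running JVMs expose these properties in their arguments.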