1 Reply Latest reply on Apr 4, 2013 6:42 AM by pskopek

    Multiple passwords in the vault, how to reference them in standalone.xml?

    gbays

      I need an example of putting two passwords into the vault and then referencing them in standalone.xml. I have referenced the keystore file and password via the vault in the ssl connector line in standalone.xml, and have put the following reference to the truststore and password in as system properties. If I hardcode the unmasked truststore password all works, but even when using two interactive sessions (so that I get a separate handle for the second password, see bug AS7-5855), I cannot put two passwords into the vault and get the truststore reference to work. I get IOException: keystore was tampered with or password is incorrect. It is not getting the correct password. Using AS 7.1.3.

      In standalone.xml:

      <system-property>
        <property name="javax.net.ssl.trustStore" value="Path /to/truststore/file" />
        <property name="javax.net.ssl.trustStorePassword" value="VAULT::truststore_pass::password::YjdkMDU10TMzTdmy........." /> <!-- in the clear password works fine here -->
      </system-property>

      Do I need more lines in the <vault> <vault-option> section to reference the second password? Two vault tags will not parse.

      Any suggestions or a two-password example would be most welcome. I have tried referencing the keystore password with the same vault handle since it is the same--does not work. And I have generated vault dat files using a reference to the keystore alone or with a separate reference to the truststore. Neither approach works.

      Thanks, Geoffrey Bays

        • 1. Re: Multiple passwords in the vault, how to reference them in standalone.xml?
          pskopek

          Hi Geoffrey,

          The problem is not in the vault. You are trying to configure the SSL connector for JBossWeb, and it has one attribute called "password" for the keystore password and another, "ca-certificate-password", for the truststore password.

          Try to create two passwords in your vault, for example using the following commands:

          keytool -genkey -alias vault -keystore ~/dev/as7/vault.jks -keyalg RSA -keysize 1024 -storepass vault22 -keypass vault22 -dname "CN=Picketbox vault,OU=picketbox,O=JBoss,L=chicago,ST=il,C=us"

          ./bin/vault.sh -k ~/dev/as7/vault.jks -p vault22 -e ~/dev/as7/vault -i 50 -s 12345678 -v vault -b first -a password -x mysupersecret

          ./bin/vault.sh -k ~/dev/as7/vault.jks -p vault22 -e ~/dev/as7/vault -i 50 -s 12345678 -v vault -b second -a password -x myevenmoresecret

          Configure the vault according to the instructions on screen and use each VAULT::.... you got as your passwords in the <ssl> connector attributes.

          BTW: Using system properties to store passwords is not very secure, since any app can see them (I am sure you know this).
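
The layout described in the answer above, as an added example that is not part of the original thread: a single <vault> element serves every entry stored in the vault, and the two references go on the <ssl> element's "password" and "ca-certificate-password" attributes. The file paths, MASK-PLACEHOLDER and the SHARED_KEY_* strings are placeholders (assumptions); the alias, salt and iteration count mirror the -v, -s and -i options of the vault.sh commands above.

```xml
<!-- standalone.xml fragment (added example; paths and keys are placeholders) -->

<!-- One <vault> element only. It describes the vault keystore itself,
     not the individual secrets, so it does not grow with each password. -->
<vault>
  <vault-option name="KEYSTORE_URL"      value="/path/to/dev/as7/vault.jks"/>
  <!-- Masked form of the vault keystore password, as printed by vault.sh -->
  <vault-option name="KEYSTORE_PASSWORD" value="MASK-PLACEHOLDER"/>
  <vault-option name="KEYSTORE_ALIAS"    value="vault"/>
  <vault-option name="SALT"              value="12345678"/>
  <vault-option name="ITERATION_COUNT"   value="50"/>
  <vault-option name="ENC_FILE_DIR"      value="/path/to/dev/as7/vault/"/>
</vault>

<!-- Web subsystem: both secrets are attributes of the same <ssl> element.
     "first" and "second" are the vault blocks created with -b,
     "password" is the attribute name given with -a. -->
<connector name="https" protocol="HTTP/1.1" scheme="https"
           socket-binding="https" secure="true">
  <ssl name="ssl"
       certificate-key-file="/path/to/keystore.jks"
       password="VAULT::first::password::SHARED_KEY_1"
       ca-certificate-file="/path/to/truststore.jks"
       ca-certificate-password="VAULT::second::password::SHARED_KEY_2"/>
</connector>

<!-- With the truststore password on the connector, no
     javax.net.ssl.trustStorePassword system property is needed,
     so the secret is not exposed to every application in the JVM. -->
```

Replace each SHARED_KEY_* placeholder with the full VAULT:: string that vault.sh prints for that block; the two strings differ.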