Details
-
Type:
New Feature
-
Status: Closed
-
Priority:
Major
-
Resolution: Won't Do
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: Public Web UI
-
Labels:
-
Issue discovered during:Integration
Description
Currently, during the enrollment of soft keystores (P12 and JKS), the generated keystore will be protected with a password equal to end entity password.
It would be beneficial if it were possible to provide the end entity password for authentication purposes, while still being able to set a distinct, separate password for the P12/JKS keystore itself during the enrollment (on the public web enrollment page).
This will help with two situations:
- When renewing a JBoss keystore, people will often set a temporary password for the end entity that does not match with configuraiton in the standalone.xml. This way their attention could be drawn to this new password that can be set.
- When generating JBoss keystores after the statedump import, current procedure is to set a single password for all end entities (many of which can be user-generated tokens where it does not matter), and then go to admin web to change the end entity password before issuing a JBoss keystore. This is quite a number of unnecessary page visits, and doing away with this would shorten the time to issue JBoss keystores.
Attachments
Issue Links
- is related to
-
ECA-5175 Support for delegated key pair generation
-
- Closed
-