Uploaded image for project: 'EJBCA'
  1. EJBCA
  2. ECA-4213

Option to explicitly set keystore password during enrollment

    Details

    • Issue discovered during:
      Integration

      Description

      Currently, during the enrollment of soft keystores (P12 and JKS), the generated keystore will be protected with a password equal to end entity password.

      It would be beneficial if it were possible to provide the end entity password for authentication purposes, while still being able to set a distinct, separate password for the P12/JKS keystore itself during the enrollment (on the public web enrollment page).

      This will help with two situations:

      • When renewing a JBoss keystore, people will often set a temporary password for the end entity that does not match with configuraiton in the standalone.xml. This way their attention could be drawn to this new password that can be set.
      • When generating JBoss keystores after the statedump import, current procedure is to set a single password for all end entities (many of which can be user-generated tokens where it does not matter), and then go to admin web to change the end entity password before issuing a JBoss keystore. This is quite a number of unnecessary page visits, and doing away with this would shorten the time to issue JBoss keystores.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Unassigned
              Reporter:
              branko Branko Majic (Inactive)
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: