  1. Dev - Nexus Repo
  2. NEXUS-11870

jetty-https.xml obfuscated keystore truststore password values are confusing


    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 3.1.0
    • Fix Version/s: 3.5.0
    • Component/s: Bootstrap
    • Labels:
    • Release Note:
      Yes

      Description

      jetty-https.xml contains

      <Set name="KeyStorePath"><Property name="ssl.etc"/>/keystore.jks</Set>
      <Set name="KeyStorePassword">OBF:1v2j1uum1xtv1zej1zer1xtn1uvk1v1v</Set>
      <Set name="KeyManagerPassword">OBF:1v2j1uum1xtv1zej1zer1xtn1uvk1v1v</Set>
      <Set name="TrustStorePath"><Property name="ssl.etc"/>/keystore.jks</Set>
      <Set name="TrustStorePassword">OBF:1v2j1uum1xtv1zej1zer1xtn1uvk1v1v</Set>
      

      Users don't understand what these OBF values translate to.

      Users don't understand they can simply type plain text passwords there.

      Users don't understand how to obfuscate passwords even if they want to obfuscate passwords.

      Expected

      • change the default values in that file to literally the 'changeit' password - which is the default password of the cacerts truststore file - this will make it work if the user starts with a copy of that file; this is simply the plain text version of the OBF value that customers may already be using - this avoids any potential regressions if they are using the default value
      • clarify in the documentation examples (if any) the use of 'changeit' instead of some other value
      • clarify in the documentation how to generate an OBF password if needed, using the files that ship with Nexus
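
An added example, not part of the issue and not Nexus or Jetty code: a Python port of the obfuscation scheme in Jetty's `org.eclipse.jetty.util.security.Password` class, showing how an `OBF:` value is produced and that it can be reversed by anyone who can read jetty-https.xml. The function names, `password_settings` and the `<New>` wrapper element in the sample are assumptions made for the example.

```python
import xml.etree.ElementTree as ET
PREFIX, DIGITS = "OBF:", "0123456789abcdefghijklmnopqrstuvwxyz"

def _b36(n):
    s = ""
    for _ in range(4):                  # every input byte becomes exactly 4 digits
        n, r = divmod(n, 36)
        s = DIGITS[r] + s
    return s

def obfuscate(plain):
    b = plain.encode("utf-8")
    out = PREFIX
    for i, b1 in enumerate(b):
        b2 = b[-1 - i]                  # mirror byte, counted from the other end
        if b1 > 127 or b2 > 127:        # non-ASCII: 'U' marker plus the raw pair
            out += "U" + _b36(b1 * 256 + b2)
        else:                           # ASCII: sum and difference, offset by 127
            out += _b36((127 + b1 + b2) * 256 + (127 + b1 - b2))
    return out

def deobfuscate(value):
    s = value[len(PREFIX):] if value.startswith(PREFIX) else value
    out, i = bytearray(), 0
    while i < len(s):
        marked = s[i] == "U"            # group written by the non-ASCII branch
        n = int(s[i + marked:i + marked + 4], 36)
        hi, lo = divmod(n, 256)
        out.append(hi if marked else (hi + lo - 254) // 2)
        i += 4 + marked
    return out.decode("utf-8")

def password_settings(xml_text):
    # Map each *Password <Set> name to (stored form, recovered plaintext).
    found = {}
    for el in ET.fromstring(xml_text).iter("Set"):
        name, text = el.get("name", ""), (el.text or "").strip()
        if name.endswith("Password"):
            found[name] = ("OBF", deobfuscate(text)) if text.startswith(PREFIX) else ("plain", text)
    return found

# Constructed sample: <Set> lines as in the issue, inside a made-up wrapper element.
SAMPLE = """<New class="example">
  <Set name="KeyStorePassword">OBF:1v2j1uum1xtv1zej1zer1xtn1uvk1v1v</Set>
  <Set name="TrustStorePassword">changeit</Set>
</New>"""

if __name__ == "__main__":
    print(password_settings(SAMPLE))
```

Because the transformation uses no key, an obfuscated entry needs the same file permissions as a plain text one.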


            People

            Assignee:
            fmilens Frederick Milens
            Reporter:
            plynch Peter Lynch
            Last Updated By:
            Peter Lynch
            Team:
            Nexus - Core
            Votes:
            1
            Watchers:
            4
