OpenIDM / OPENIDM-14038

IDM still creates unnecessary server-cert certificate on startup

    Details

      Description

      With the new deployment key and password in DS, there is no longer a default server-cert self-signed certificate.
      However, IDM still generates this server-cert for an embedded DJ:

       keytool \
       -list -v \
       -keystore ~/path/to/openidm/security/keystore.jceks \
       -storepass changeit
      Keystore type: JCEKS
      Keystore provider: SunJCE
      
      Your keystore contains 6 entries
      
      ...
      
      Alias name: server-cert
      Creation date: Nov 4, 2019
      Entry type: PrivateKeyEntry
      Certificate chain length: 1
      Certificate[1]:
      Owner: CN=server-cert, O=OpenDJ Self-Signed Certificate, OU=None, L=None, ST=None, C=None
      Issuer: CN=server-cert, O=OpenDJ Self-Signed Certificate, OU=None, L=None, ST=None, C=None
      Serial number: 16e3586b611
      Valid from: Sat Oct 05 10:27:31 SAST 2019 until: Sun Nov 04 10:27:31 SAST 2029
      Certificate fingerprints:
           SHA1: B5:0D:44:8A:FE:38:58:81:E0:50:DF:4F:9D:93:0C:4C:19:97:5B:F6
           SHA256: D6:07:01:EE:3C:41:D4:42:4B:08:2F:86:F0:17:5F:B9:5B:24:4B:9D:3B:5C:FA:56:55:FA:A9:0C:42:5C:44:93
      Signature algorithm name: SHA512withRSA
      Subject Public Key Algorithm: 2048-bit RSA key
      Version: 3
      

      We should remove the generation of this cert from the server startup.

            People

            • Assignee: dhogan Dirk Hogan
            • Reporter: Lana Lana Frost
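A check for the leftover entry described in this issue, as an added example that is not part of the original report or of IDM/DS code: it scans `keytool -list -v` output for entries whose leaf certificate is self-signed and carries the `O=OpenDJ Self-Signed Certificate` value shown above. The function names and the `example-tls` sample entry are constructed for illustration, and English-locale keytool output is assumed.

```shell
#!/bin/sh
# Added example: flag self-signed OpenDJ entries in `keytool -list -v` text.

# Reads a keytool listing on stdin; prints alias, entry type and expiry
# (tab-separated) for each entry whose leaf Owner equals its Issuer and
# contains the O= value quoted in the issue.
find_selfsigned_opendj() {
  awk '
    function report() {
      if (alias != "" && owner != "" && owner == issuer &&
          index(owner, "O=OpenDJ Self-Signed Certificate") > 0)
        printf "%s\t%s\t%s\n", alias, etype, expires
    }
    /^[ \t]*Alias name: / {
      report()                      # close the previous entry
      sub(/^[ \t]*Alias name: /, ""); alias = $0
      owner = ""; issuer = ""; etype = ""; expires = ""
      next
    }
    /^[ \t]*Entry type: / { sub(/^[ \t]*Entry type: /, ""); etype = $0; next }
    # Only the first Owner/Issuer/validity in an entry belongs to the leaf cert.
    /^[ \t]*Owner: / && owner == ""   { sub(/^[ \t]*Owner: /, ""); owner = $0; next }
    /^[ \t]*Issuer: / && issuer == "" { sub(/^[ \t]*Issuer: /, ""); issuer = $0; next }
    /^[ \t]*Valid from: / && expires == "" { sub(/^.* until: /, ""); expires = $0 }
    END { report() }
  '
}

# Constructed sample: one made-up CA-signed entry (must not be reported)
# followed by the server-cert entry quoted in the issue.
sample_listing() {
  cat <<'EOF'
Alias name: example-tls
Entry type: PrivateKeyEntry
Owner: CN=idm.example.com, O=Example
Issuer: CN=Example Issuing CA, O=Example
Valid from: Tue Jan 01 00:00:00 UTC 2019 until: Fri Jan 01 00:00:00 UTC 2021
Owner: CN=Example Issuing CA, O=Example
Issuer: CN=Example Issuing CA, O=Example
Alias name: server-cert
Entry type: PrivateKeyEntry
Owner: CN=server-cert, O=OpenDJ Self-Signed Certificate, OU=None, L=None, ST=None, C=None
Issuer: CN=server-cert, O=OpenDJ Self-Signed Certificate, OU=None, L=None, ST=None, C=None
Valid from: Sat Oct 05 10:27:31 SAST 2019 until: Sun Nov 04 10:27:31 SAST 2029
EOF
}
```

To audit a real keystore, pipe the listing in: `keytool -list -v -keystore <path> | find_selfsigned_opendj`, letting keytool prompt for the store password rather than passing it on the command line.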