- Type: Bug
- Status: Closed
- Priority: Major
- Resolution: Fixed
- Affects Version/s: 7.0.0
- Fix Version/s: 7.0.0
- Component/s: Module - Repository DS
- Labels:
- Target Version/s:
- Verified Version/s:
- Story Points: 1
- Sprint: 2020.06 - IDM, 2020.07 - IDM
- Epic Link:

With the new deployment key and password in DS, there is no longer a default server-cert self-signed certificate.
However, IDM still generates this server-cert for an embedded DJ:

    keytool \
      -list -v \
      -keystore ~/path/to/openidm/security/keystore.jceks \
      -storepass changeit

    Keystore type: JCEKS
    Keystore provider: SunJCE

    Your keystore contains 6 entries
    ...
    Alias name: server-cert
    Creation date: Nov 4, 2019
    Entry type: PrivateKeyEntry
    Certificate chain length: 1
    Certificate[1]:
    Owner: CN=server-cert, O=OpenDJ Self-Signed Certificate, OU=None, L=None, ST=None, C=None
    Issuer: CN=server-cert, O=OpenDJ Self-Signed Certificate, OU=None, L=None, ST=None, C=None
    Serial number: 16e3586b611
    Valid from: Sat Oct 05 10:27:31 SAST 2019 until: Sun Nov 04 10:27:31 SAST 2029
    Certificate fingerprints:
         SHA1: B5:0D:44:8A:FE:38:58:81:E0:50:DF:4F:9D:93:0C:4C:19:97:5B:F6
         SHA256: D6:07:01:EE:3C:41:D4:42:4B:08:2F:86:F0:17:5F:B9:5B:24:4B:9D:3B:5C:FA:56:55:FA:A9:0C:42:5C:44:93
    Signature algorithm name: SHA512withRSA
    Subject Public Key Algorithm: 2048-bit RSA key
    Version: 3

We should remove the generation of this cert from the server startup.
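
One way to check a keystore for the leftover entry is to parse saved `keytool -list -v` output and flag a private-key entry under the `server-cert` alias whose Owner equals its Issuer. This is an added example, not part of the original issue or the IDM code base; the function names and the second sample entry are hypothetical, and the sample text is constructed from the output quoted above.

```python
import re

# Constructed sample modelled on the `keytool -list -v` output quoted in this issue
# (trimmed; the second entry is hypothetical, added as a CA-issued contrast case).
SAMPLE_KEYTOOL_OUTPUT = """\
Keystore type: JCEKS

Your keystore contains 2 entries

Alias name: server-cert
Entry type: PrivateKeyEntry
Certificate[1]:
Owner: CN=server-cert, O=OpenDJ Self-Signed Certificate, OU=None, L=None, ST=None, C=None
Issuer: CN=server-cert, O=OpenDJ Self-Signed Certificate, OU=None, L=None, ST=None, C=None

Alias name: example-ca-issued
Entry type: PrivateKeyEntry
Certificate[1]:
Owner: CN=idm.example.com, O=Example
Issuer: CN=Example Issuing CA, O=Example
"""

FIELD = re.compile(r"^\s*(Alias name|Entry type|Owner|Issuer):\s*(.*?)\s*$")

def parse_entries(text):
    """Split `keytool -list -v` output into one dict per alias."""
    entries = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.groups()
        if key == "Alias name":
            entries.append({"Alias name": value})
        elif entries and key not in entries[-1]:
            # Keep only the first Owner/Issuer seen: the leaf certificate of the chain.
            entries[-1][key] = value
    return entries

def stale_self_signed(text, alias="server-cert"):
    """Return `alias` if it is present as a self-signed private-key entry."""
    return [e["Alias name"] for e in parse_entries(text)
            if e["Alias name"] == alias
            and e.get("Entry type") == "PrivateKeyEntry"
            and e.get("Owner") and e.get("Owner") == e.get("Issuer")]

if __name__ == "__main__":
    print(stale_self_signed(SAMPLE_KEYTOOL_OUTPUT) or "no generated server-cert found")
```

An empty result for a keystore created by a fixed build indicates the certificate is no longer generated at startup.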