-
Type:
Bug
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 7.0.0
-
Fix Version/s: 7.0.0
-
Component/s: Module - Repository DS
-
Labels:
-
Target Version/s:
-
Verified Version/s:
-
Story Points:1
-
Sprint:2020.06 - IDM, 2020.07 - IDM
-
Epic Link:
With the new deployment key and password in DS, there is no longer a default server-cert self-signed certificate.
However, IDM still generates this server-cert for an embedded DJ:
keytool \
-list -v \
-keystore ~/path/to/openidm/security/keystore.jceks \
-storepass changeit
Keystore type: JCEKS
Keystore provider: SunJCE
Your keystore contains 6 entries
...
Alias name: server-cert
Creation date: Nov 4, 2019
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=server-cert, O=OpenDJ Self-Signed Certificate, OU=None, L=None, ST=None, C=None
Issuer: CN=server-cert, O=OpenDJ Self-Signed Certificate, OU=None, L=None, ST=None, C=None
Serial number: 16e3586b611
Valid from: Sat Oct 05 10:27:31 SAST 2019 until: Sun Nov 04 10:27:31 SAST 2029
Certificate fingerprints:
SHA1: B5:0D:44:8A:FE:38:58:81:E0:50:DF:4F:9D:93:0C:4C:19:97:5B:F6
SHA256: D6:07:01:EE:3C:41:D4:42:4B:08:2F:86:F0:17:5F:B9:5B:24:4B:9D:3B:5C:FA:56:55:FA:A9:0C:42:5C:44:93
Signature algorithm name: SHA512withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3
We should remove the generation of this cert from the server startup.