[JBWS-4410] Replacing expired certificates with new ones #377
@asoldano I fixed these failures on the main branch. Can you please rebase this change from main? Thanks!
The command from Jira confirms we no longer have expired certificates.

```
$ find -type f -name '*store' | xargs -I{} bash -c "echo {};(keytool -list -v -keystore {} -storepass changeit 2>/dev/null || keytool -list -v -keystore {} -storepass secret 2>/dev/null) | grep 'Valid from:'"
./modules/testsuite/shared-tests/src/test/etc/test.truststore
Valid from: Thu Mar 14 18:12:06 CET 2024 until: Sun Mar 12 18:12:06 CET 2034
Valid from: Thu Mar 14 18:16:54 CET 2024 until: Sun Mar 12 18:16:54 CET 2034
./modules/testsuite/shared-tests/src/test/etc/test.keystore
Valid from: Thu Mar 14 18:16:54 CET 2024 until: Sun Mar 12 18:16:54 CET 2034
./modules/testsuite/shared-tests/src/test/etc/client.keystore
Valid from: Thu Mar 14 18:12:06 CET 2024 until: Sun Mar 12 18:12:06 CET 2034
./modules/testsuite/cxf-tests/src/test/etc/serverTwoWaySSL.truststore
Valid from: Thu Mar 14 22:18:08 CET 2024 until: Sun Mar 12 22:18:08 CET 2034
./modules/testsuite/cxf-tests/src/test/etc/serverTwoWaySSL.keystore
Valid from: Fri Aug 02 03:42:27 CEST 2019 until: Wed Aug 02 03:42:27 CEST 2119
./modules/testsuite/cxf-tests/src/test/etc/test.truststore
Valid from: Thu Mar 14 18:12:06 CET 2024 until: Sun Mar 12 18:12:06 CET 2034
Valid from: Thu Mar 14 18:16:54 CET 2024 until: Sun Mar 12 18:16:54 CET 2034
./modules/testsuite/cxf-tests/src/test/etc/test.keystore
Valid from: Thu Mar 14 18:16:54 CET 2024 until: Sun Mar 12 18:16:54 CET 2034
./modules/testsuite/cxf-tests/src/test/etc/client.keystore
Valid from: Thu Mar 14 18:12:06 CET 2024 until: Sun Mar 12 18:12:06 CET 2034
./modules/testsuite/cxf-tests/src/test/etc/clientTwoWaySSL.truststore
Valid from: Fri Aug 02 03:42:27 CEST 2019 until: Wed Aug 02 03:42:27 CEST 2119
./modules/testsuite/cxf-tests/src/test/etc/clientTwoWaySSL.keystore
Valid from: Thu Mar 14 22:18:08 CET 2024 until: Sun Mar 12 22:18:08 CET 2034
./modules/testsuite/cxf-tests/src/test/etc/client.truststore
Valid from: Thu Mar 14 18:16:54 CET 2024 until: Sun Mar 12 18:16:54 CET 2034
./modules/testsuite/cloud-tests/test-feature-pack/src/main/resources/content/standalone/configuration/jbossws/test.keystore
Valid from: Thu Mar 14 18:16:54 CET 2024 until: Sun Mar 12 18:16:54 CET 2034
```

I have two points on this:
- the validity is +10 years in most cases, that is not that much, why not 100 or even some huge number?
- I might be lacking (basic?) knowledge on this, but I would very much appreciate it if each certificate comes with a command/script for how it was generated, to make the next iteration of extension smooth and doable by anybody

@jbliznak There is https://github.com/wildfly/wildfly/blob/main/testsuite/integration/ws/src/test/java/org/jboss/as/test/integration/ws/wsse/GenerateWSKeyStores.java to generate some of these keystore tools, and the CXF guide to generate the keystore for https: https://github.com/apache/cxf/blob/main/distribution/src/main/release/samples/wsdl_first_https/src/main/config/KeyREADME.txt. I don't know if @asoldano used some better tool/script to update these keystore files.

Thanks @jimma for the links. Actually I didn't remember about those and simply used the keytool command-line tool, similarly to the way it's described in the KeyREADME.txt. In regenerating keystores, what matters is the aliases being the same as before and client/server keystores staying coordinated. We can create a jira for adding documentation around this if you feel @jbliznak
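
The expiry check quoted in this thread can be turned into a pass/fail gate that lists every keystore entry expiring before a chosen date. This is an added example, not code from the PR or the project; the function names, sample paths and the `YYYYMMDD` cutoff format are assumptions, and it expects `keytool` to print English dates in the layout shown in the thread.

```shell
#!/bin/sh
# Added example: reads the report format from the thread on stdin (a keystore
# path line, then one "Valid from: ... until: ..." line per certificate) and
# prints "path<TAB>YYYY-MM-DD" for each certificate whose "until" date is
# before the cutoff. Day granularity: time of day and time zone are ignored.

# expiring_certs CUTOFF   (CUTOFF is YYYYMMDD, for example 20300101)
expiring_certs() {
    awk -v cutoff="$1" '
        BEGIN {
            n = split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", names, " ")
            for (k = 1; k <= n; k++) month[names[k]] = k
        }
        # A non-empty line without a validity range names the current store.
        !/Valid from:/ { if (NF) store = $0; next }
        {
            for (i = 1; i <= NF; i++) if ($i == "until:") break
            # After "until:" come: weekday month day time zone year.
            if (i + 6 > NF || !($(i + 2) in month)) next
            y = $(i + 6); mo = month[$(i + 2)]; d = $(i + 3)
            if (y * 10000 + mo * 100 + d < cutoff + 0)
                printf "%s\t%04d-%02d-%02d\n", store, y, mo, d
        }
    '
}

# Constructed sample report (hypothetical paths and dates, not the PR output).
sample_report() {
    cat <<'EOF'
./example/server.keystore
Valid from: Thu Mar 14 18:16:54 CET 2024 until: Sun Mar 12 18:16:54 CET 2034
./example/client.truststore
Valid from: Mon Jan 05 10:00:00 CET 2015 until: Sat Jan 04 10:00:00 CET 2025
Valid from: Fri Aug 02 03:42:27 CEST 2019 until: Wed Aug 02 03:42:27 CEST 2119
EOF
}

# Demo: list entries in the sample that expire before 2026-01-01.
sample_report | expiring_certs 20260101
```

Piping the output of the `find ... keytool ... grep 'Valid from:'` command from the thread into `expiring_certs` with a cutoff a year or two ahead flags stores that need regenerating before they start failing tests.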