
Yair Zaslavsky has submitted this change and it was merged.

Change subject: pki: use PKCS#12 format to store keys
......................................................................

pki: use PKCS#12 format to store keys

Java supports standard cryptographic format PKCS#12, this format bundles
private key and certificate chain into one file with integrity of
passphrase.

Using Java proprietary key store format forces additional work if using
non-Java solutions.

This change is a migration from JKS and duplicates into single PKCS#12
keystore for private key store. It does not handle the trust store which
is left as JKS for now.

Remove unnecessary scripts from CA implementations that do not support
this effort.

Also issue separate Apache certificate and key to ease future enrollment
separation.

Change-Id: I2abda5778477faff09798a43cf3dc96435efb272
Signed-off-by: Alon Bar-Lev <alonbl@redhat.com>
Bug-Url: https://bugzilla.redhat.com/show_bug.cgi?id=854540
---
M Makefile
M backend/manager/conf/ca/CreateCA.sh
D backend/manager/conf/ca/CreateKStore.sh
D backend/manager/conf/ca/CreatePem.sh
D backend/manager/conf/ca/CreateReq.sh
D backend/manager/conf/ca/exportK2SSH.sh
D backend/manager/conf/ca/generate-ssh-keys
D backend/manager/conf/ca/importToKeyStore.sh
M backend/manager/conf/ca/installCA.sh
M backend/manager/conf/ca/installCA_dev.sh
D backend/manager/conf/ca/store-utils.sh
M backend/manager/dbscripts/upgrade/pre_upgrade/0000_config.sql
M backend/manager/modules/common/src/main/java/org/ovirt/engine/core/common/config/ConfigValues.java
M backend/manager/modules/dal/pom.xml
M backend/manager/modules/dal/src/test/java/org/ovirt/engine/core/dal/dbbroker/generic/DomainsPasswordMapTest.java
D backend/manager/modules/dal/src/test/resources/.keystore
A backend/manager/modules/dal/src/test/resources/key.p12
M backend/manager/modules/engineencryptutils/src/main/java/org/ovirt/engine/core/engineencryptutils/EncryptionUtils.java
D backend/manager/modules/engineencryptutils/src/main/java/org/ovirt/engine/core/engineencryptutils/StoreUtils.java
M backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/hostinstall/VdsInstallerSSH.java
M backend/manager/modules/utils/src/main/java/org/ovirt/engine/core/utils/ssl/AuthSSLProtocolSocketFactory.java
M backend/manager/modules/utils/src/test/java/org/ovirt/engine/core/utils/hostinstall/VdsInstallerSSHTest.java
D backend/manager/modules/utils/src/test/resources/.hostKstore
D backend/manager/modules/utils/src/test/resources/.keystore
A backend/manager/modules/utils/src/test/resources/key.p12
M backend/manager/tools/engine-notifier/engine-notifier-service/src/main/java/org/ovirt/engine/core/notifier/EngineMonitorService.java
M packaging/fedora/engine-service.xml.in
M packaging/fedora/setup/basedefs.py
M packaging/fedora/setup/engine-cleanup.py
M packaging/fedora/setup/engine-setup.py
M packaging/fedora/setup/engine-upgrade.py
M packaging/fedora/spec/ovirt-engine.spec.in
32 files changed, 279 insertions(+), 703 deletions(-)

Approvals:
  Yair Zaslavsky: Verified; Looks good to me, approved

--
To view, visit http://gerrit.ovirt.org/6883
To unsubscribe, visit http://gerrit.ovirt.org/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I2abda5778477faff09798a43cf3dc96435efb272
Gerrit-PatchSet: 13
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Alon Bar-Lev <alonbl@redhat.com>
Gerrit-Reviewer: Alex Lourie <alourie@redhat.com>
Gerrit-Reviewer: Alon Bar-Lev <alonbl@redhat.com>
Gerrit-Reviewer: Barak Azulay <bazulay@redhat.com>
Gerrit-Reviewer: Doron Fediuck <dfediuck@redhat.com>
Gerrit-Reviewer: Juan Hernandez <juan.hernandez@redhat.com>
Gerrit-Reviewer: Ofer Schreiber <oschreib@redhat.com>
Gerrit-Reviewer: Yair Zaslavsky <yzaslavs@redhat.com>
Gerrit-Reviewer: oVirt Jenkins CI Server