I need to encrypt the db credentials in glassfish. To do this I have used
create-password-alias and this encrypts the db passwords just fine. My issue
is that the encryption key for the db password is the glassfish master
password. Keeping it at the default password is a security hole but if I
change the master password I run into a problem. I can start glassfish with
the new master password but my secure port encounters an SSL error. My
unsecure port is live just fine but none of my secured wsdls work. I found a
solution which was to add the keystore password to the jvm-options in the
domain.xml. But as far as I can see, the keystore has to be the same as the
glassfish master password, if I change it, glassfish won't start. Does anyone
know if this is true? Can the keystore password be different than the master
password? If not, is there a way to encrypt the password in the jvm-options?
The domain.xml needs to be read available to developers. These are the
jvm-options I had to add: -Djavax.net.ssl.keyStorePassword=[new password]
-Djavax.net.ssl.trustStorePassword=[new password] I have tried creating an
alias password for these parameters but this did not work. Looks to me that a
config service is used to kick off glassfish (with these jvm-options) but
doesn't know how to use alias passwords. The two options that I can see is
either encrypting the password in the jvm-options or using a different
keystore password than the master-password.
--
[Message sent by forum member 'ELFanatic']
View Post: http://forums.java.net/node/892230