rbeckman-nextgen / test-mc3

0 stars 0 forks source link

Support PKCS12 keystore format #4138

Open rbeckman-nextgen opened 4 years ago

rbeckman-nextgen commented 4 years ago

I created a new keystore today because my old certificate had expired. I decided to switch to PKCS12 because the Java-specific keystore formats are being phased-out of the Java ecosystem.

I created my key and certificate and packaged them into a PKCS12 keystore. I edited conf/mirth.properties and set the correct filename and keystore.type=PKCS12.

When starting Mirth Connect, I got errors for both initializing the web server and initializing the "security settings" with a stack trace including com.sun.crypto.provider.JceKeyStore.engineLoad. I tried a few things but could not get Mirth to load the keystore in PKCS12 format.

I converted the PKCS12 keystore into JKS format (and changed the keystore.type config setting) and restarted Mirth. This allowed Mirth to load, but it seems that Mirth will re-package the keystore into a JCEKS keystore when adding the "encryption" SecretKey.

So it seems that only JCEKS keystores are supported.

Imported Issue. Original Details: Jira Issue Key: MIRTH-4282 Reporter: cschultz@chadis.com Created: 2018-05-30T08:15:36.000-0700

rbeckman-nextgen commented 4 years ago

Also see MIRTH-4223

Imported Comment. Original Details: Author: cschultz@chadis.com Created: 2018-12-12T17:24:23.000-0800

rbeckman-nextgen commented 4 years ago

This is useful reading, and the history is fairly amusing: https://neilmadden.blog/2017/11/17/java-keystores-the-gory-details/

Imported Comment. Original Details: Author: cschultz@chadis.com Created: 2019-12-13T07:02:36.000-0800