wso2 / product-apim

Welcome to the WSO2 API Manager source code! For info on working with the WSO2 API Manager repository and contributing code, click the link below.
http://wso2.github.io/
Apache License 2.0

When configuring secure vault for log4j.properties for a custom keystore, a password verification error comes #4903

Closed tgtshanika closed 3 years ago

tgtshanika commented 5 years ago

Description: This was done to verify the fix given for https://wso2.org/jira/browse/WSAS-1854

  1. Created a new keystore am.jks.
  2. Then the apimanager instance was up and running correctly.
  3. Then configured as below:

(xi) Copy the following two entries from resources/cipher-tool.properties to /repository/conf/security/cipher-tool.properties and uncomment them by removing the "#" : "Service.LoggingConfig.ArchivedPassword", "Service.LoggingConfig.Password".

(xii) Copy the following two entries from resources/cipher-text.properties to /repository/conf/security/cipher-text.properties and uncomment them by removing the "#" : "Service.LoggingConfig.ArchivedPassword", "Service.LoggingConfig.Password".

(xiii) Enter the passwords for the two entries copied in step (xiii) within the square-brackets. The passwords are the values defined for 'archivedPassword' and 'password' in /repository/conf/etc/logging-config.xml respectively.

(xiv) Execute the ciphertool in /bin with the parameter -Dconfigure, for example: sh ciphertool.sh -Dconfigure

(xv) Now to encrypt the log4j.appender.LOGEVENT.password in log4j.properties, execute the ciphertool in /bin without any parameters. Enter the password when it prompts for a Plain text. It will generate the encrypted value for the Plain text.

(xvi) Add the entry, "Log4j.Appender.LOGEVENT.Password=" followed by the encrypted value obtained in step (xvi) to /repository/conf/security/cipher-text.properties

(xvii) Check if the following values are there and if not add them to /repository/conf/log4j.properties:

```
log4j.appender.LOGEVENT.truststorePath=/repository/resources/security/client-truststore.jks
log4j.appender.LOGEVENT.trustStorePassword=wso2carbon
log4j.appender.LOGEVENT.streamDef=stream_nam
```

P.S.: The truststorePath and trustStorePassword should be the one that is defined in carbon.xml

(xviii) In /repository/conf/log4j.properties, change the value for log4j.appender.LOGEVENT.password and log4j.appender.LOGEVENT.trustStorePassword as follows:

```
log4j.appender.LOGEVENT.password=secretAlias:Log4j.Appender.LOGEVENT.Password
log4j.appender.LOGEVENT.trustStorePassword=secretAlias:Carbon.Security.TrustStore.Password
```

================

I have provided password as : password. Following exception is thrown. [error.log](https://github.com/wso2/product-apim/files/3225710/error.log)

By Ushani Balasooriya from https://wso2.org/jira/browse/APIMANAGER-3904
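A consistency check over the two files edited in the steps above, as an added example that is not part of the original issue or of WSO2's code: it flags password properties in log4j.properties that are plaintext or whose secretAlias has no entry in cipher-text.properties, and cipher-text.properties entries that still hold bracketed plaintext. The function names and the sample file contents are constructed for illustration.

```python
import re

ALIAS_PREFIX = "secretAlias:"

# Constructed sample contents (not taken from the issue's attachments).
SAMPLE_LOG4J = """\
log4j.appender.LOGEVENT.password=secretAlias:Log4j.Appender.LOGEVENT.Password
log4j.appender.LOGEVENT.trustStorePassword=wso2carbon
"""
SAMPLE_CIPHER_TEXT = """\
#Service.LoggingConfig.ArchivedPassword=[archived]
Service.LoggingConfig.Password=[password]
"""

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and '#'/'!' comments."""
    props = {}
    for line in text.splitlines():
        m = re.match(r"\s*([^#!=:\s][^=:\s]*)\s*[=:]\s*(.*?)\s*$", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def audit(log4j_text, cipher_text):
    """Return (file, key, problem) tuples for password-related entries."""
    log4j = parse_properties(log4j_text)
    vault = parse_properties(cipher_text)
    findings = []
    for key, value in log4j.items():
        if not key.lower().endswith("password"):
            continue
        if not value.startswith(ALIAS_PREFIX):
            # Password stored in the clear instead of via a vault alias.
            findings.append(("log4j.properties", key, "plaintext password"))
        elif value[len(ALIAS_PREFIX):] not in vault:
            # Alias is referenced but was never added to cipher-text.properties.
            findings.append(("log4j.properties", key,
                             "alias missing from cipher-text.properties"))
    for alias, value in vault.items():
        # Square brackets mark a value that has not been encrypted yet.
        if value.startswith("[") and value.endswith("]"):
            findings.append(("cipher-text.properties", alias,
                             "still bracketed plaintext"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG4J, SAMPLE_CIPHER_TEXT):
        print(" | ".join(finding))
```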

tgtshanika commented 5 years ago

The artifacts/resources related to the issue can be found in https://wso2.org/jira/browse/APIMANAGER-3904