Problem:
- Product Name: VisiBroker
- Product Version: 5.2.1
- Product Component: Borland Security Service
- Platform/OS Version: ALL
If a VBJ process (for example, Name Service) sets the password of the private
key in a configuration file, there is an inherent security risk since the
password is in clear. Is there any way to pass the password (and the keystore)
during the start-up time interactively?
Resolution:
Yes, the method to interactively supply password to the private key and thekeystore is detailed below. Please note that as of VBE 5.2.1, this method only
works with the default Java keystore format (JKS) and does not work with PKCS12
format.
Here are the steps to follow:
1. Create a Visibroker configuration file, please see one below for an example:
#ns_interactive.properties
vbroker.se.iiop_tp.scm.ssl.listener.port=2468
vbroker.security.disable=false
vbroker.naming.security.disable=false
vbroker.naming.security.transport=1
vbroker.security.peerAuthenticationMode=require_and_trust
vbroker.security.login=true
vbroker.security.login.realms=Certificate#ALL
vbroker.security.authentication.callbackHandler=com.borland.security.provider.authn.HostCallbackHandler
2. Run this command (assuming Visibroker Name Service is the running process):
>nameserv -J-Djavax.net.debug=all -config ns_interactive.properties
3. User will be prompted to enter the keystore location and password to the
private key.
#VisiBroker
#Security
