This looks like a great approach to setting up a vault for Tomcat. I've got your solution working, with local customization, but am concerned about a warning I'm seeing.
When I initialize the vault with keytool, I'm getting the following:
Warning:
The JCEKS keystore uses a proprietary format. It is recommended to migrate to PKCS12 which is an industry standard format using "keytool -importkeystore -srckeystore vault_data/vault.keystore -destkeystore vault_data/vault.keystore -deststoretype pkcs12".
The vault.sh tool (next step in initializing) works fine though.
If I do what the warning suggests and switch to pkcs12, then the vault.sh tool gives this error:
Exception encountered: java.lang.RuntimeException: Unable to get keystore ([vault_data/vault.keystore])
(Yes, I've made some modifications to how the vault location works, but have it working fine with jceks.)
Any way to get rid of that warning? Also, is the keystore configuration as you implemented it FIPS compliant?