So, doing an install on a second system, and it looks like the X.509 keys that Wildfire’'s using are the same on all systems from the Linux tarball. This seems like a security concern to me…
Is it possible to have Wildfire autogenerate new keys on a fresh install, or at least have an interface to the keytool utility in the Server->Server Settings->Security Settings interface? I know I can manually do this on the commandline, but it seems like it’'d be better policy to have Wildfire be secure by default, and autogenerate keys for new installs.
Hey Graeme,
Thanks for your input. In the past, we discussed this idea with Matt and agreed that it would be a nice thing to have. Unfortunately, out of the box Java does not provide an easy way to generate certificates so we would have to use a library like http://www.bouncycastle.org/ or alike. I created the issue JM-492 for this improvement so feel free to vote for it to raise its priority.
Thanks,
– Gato
Hmm… But, what about just scripting the steps in the SSL Guide? Having the install process call “keytool -genkey” and “keytool -delete” on the existing keystore? Or do not all JREs come with “keytool”? If it doesn’‘t, perhaps the installer could just check to see if keytool exists, and if it’'s not present, fall back to the current behavior?
Graeme