Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to select alias for https #11430

Open
viniciusxyz opened this issue Dec 11, 2024 · 2 comments
Open

Unable to select alias for https #11430

viniciusxyz opened this issue Dec 11, 2024 · 2 comments

Comments

@viniciusxyz
Copy link
Contributor

viniciusxyz commented Dec 11, 2024
edited
Loading

Expected Behavior

When using one of the properties below I hope the correct alias is selected in PKCS12

micronaut.ssl.key.alias=alias2
micronaut.server.ssl.key.alias=alias2

Actual Behaviour

When I have a PKCS12 with several aliases, I cannot select the desired alias with the properties mentioned above

The alias property "micronaut.ssl.key.alias" is set to "alias2", however when validating the http certificate we should see a CN "localhost2":

image

Steps To Reproduce

  1. Download, compile and run the example application below:

https://github.com/viniciusxyz/https-micronaut

This application has a certificate at the root that was created using this commands:

keytool -genkeypair -v -keystore keystore.p12 -storetype PKCS12 -alias alias1 -keyalg RSA -keysize 2048 -validity 3650 -dname "CN=localhost, OU=Spring Boot, O=My Company, L=City, ST=State, C=BR" -storepass password
keytool -genkeypair -v -keystore keystore.p12 -storetype PKCS12 -alias alias2 -keyalg RSA -keysize 2048 -validity 3650 -dname "CN=localhost2, OU=Spring Boot, O=My Company, L=City, ST=State, C=BR" -storepass password
keytool -genkeypair -v -keystore keystore.p12 -storetype PKCS12 -alias alias3 -keyalg RSA -keysize 2048 -validity 3650 -dname "CN=localhost3, OU=Spring Boot, O=My Company, L=City, ST=State, C=BR" -storepass password
  1. Validate the certificate used for https in the browser, I am validating the CN field and as you can see, each alias has a keypair with a different CN field

Environment Information

No response

Example Application

https://github.com/viniciusxyz/https-micronaut

Version

4.7.6
@viniciusxyz viniciusxyz changed the title The documentation does not provide a way to indicate an alias for https Unable to select alias for https Dec 12, 2024
@yawkat
Copy link
Member

yawkat commented Dec 30, 2024

Yea I think it's just not implemented

@viniciusxyz
Copy link
Contributor Author

Yea I think it's just not implemented

As soon as I have time I will carry out an implementation and send the PR. Thanks for the clarification

@viniciusxyz viniciusxyz mentioned this issue Jan 13, 2025
Merged
graemerocher pushed a commit that referenced this issue Jan 27, 2025
@viniciusxyz
Method for extracting the added alias (#11503)
93b612e 
The approach used is very simple, the content of the alias is extracted and a new object representing a keystore is created only with that alias, this way it is possible to load only the desired alias and no more errors occur when we have multiple aliases in the keystore each with a password

Related issue #11430
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@yawkat @viniciusxyz