To configure SSL in AEM 6.1, we add the properties for ~~org.apache.felix.http under /apps/system/config.author/. The values for properties such as org.apache.felix.https.keystore.key.password ~~org.apache.felix.https.keystore.truststore.password are not encrypted and can be seen by anyone who has access to crxde as they are plain text. This is a vulnerability and is there anything that can be done to keep it more secured?
-Venkatesh.
Views
Replies
Total Likes
I am sure support has seen this before - we are checking with them.,
Views
Replies
Total Likes
Support team stated:
Not possible to encrypt settings in configurations today - open a ticket.
Views
Replies
Total Likes
That's not true. Do a search on this: org.eclipse.jetty.util.security.Password
Views
Replies
Total Likes
Views
Likes
Replies