Expand my Community achievements bar.

Enhance your AEM Assets & Boost Your Development: [AEM Gems | June 19, 2024] Improving the Developer Experience with New APIs and Events

SSL configuration

Avatar

Level 1

To configure SSL in AEM 6.1, we add the properties for ~~org.apache.felix.http under /apps/system/config.author/. The values for properties such as org.apache.felix.https.keystore.key.password ~~org.apache.felix.https.keystore.truststore.password are not encrypted and can be seen by anyone who has access to crxde as they are plain text. This is a vulnerability and is there anything that can be done to keep it more secured?

-Venkatesh.

3 Replies

Avatar

Level 10

I am sure support has seen this before - we are checking with them., 

Avatar

Level 10

Support team stated: 

Not possible to encrypt settings in configurations today - open a ticket.

Avatar

Level 4

That's not true.  Do a search on this: org.eclipse.jetty.util.security.Password