  1. Artifactory Binary Repository
  2. RTFACT-7201

Support Client Authorization SSL/TLS in Remote Repositories and Replication

    Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: 3.5.1, 4.5.1, 4.8.0, 5.4.1
    • Fix Version/s: 5.4.0
    • Component/s: HttpRepo, Replication
    • Labels:
    • Sprint:
      Leap 13, Leap 14, Leap 15

      Description

      Client would like to be able to set the SSL connector in Tomcat to clientAuth=true, to allow client-authenticated SSL as per: http://en.wikipedia.org/wiki/Transport_Layer_Security#Client-authenticated_TLS_handshake

      While you can configure the Artifactory Tomcat to do this in server.xml by putting in an SSL connector like so:

      <Connector
          protocol="HTTP/1.1"
          port="8081" maxThreads="200"
          scheme="https" secure="true" SSLEnabled="true"
          keystoreFile="/JFrogProds/tomcatkeystore" keystorePass="password"
          truststoreFile="/JFrogProds/tomcattruststore" truststorePass="password"
          clientAuth="true" sslProtocol="TLS"/>

      Artifactory-to-Artifactory communications such as remote repositories and replication do not work. Under normal circumstances one can set JVM parameters to provide the keystore to the HTTP client, for example:
      -Djavax.net.ssl.keyStore=/var/opt/jfrog/artifactory/.keystore -Djavax.net.ssl.keyStorePassword=changeit

      However, Tomcat does not appear to allow these particular JVM parameters to be passed through. (Although it does allow pass-through of trust-store parameters.)

      We should allow configuration of keys from the Artifactory keystore to support this in push/pull replication and remote repositories.

              People

              • Assignee:
                shayb Shay Bagants
                Reporter:
                markg Mark Galpin
                Assigned QA:
                Yogev Abergel (Inactive)
              • Votes: 9
                Watchers: 16

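The description above contrasts the JVM-wide -Djavax.net.ssl.keyStore property with configuring the client key per connection. The following is an added example, not Artifactory's code, of an outbound Java HTTP client that presents a client certificate to a clientAuth="true" connector using its own SSLContext. The class name, the environment variable names and the assumption that the key password equals the keystore password are hypothetical; it needs Java 11 or later.

```java
import java.io.InputStream;
import java.net.URI;
import java.net.http.*;
import java.nio.file.*;
import java.security.KeyStore;
import javax.net.ssl.*;

public class MutualTlsClient {

    // Load a keystore file with the given password.
    static KeyStore load(Path file, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(file)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Build a TLS context scoped to this client only: the key managers supply the
    // client certificate, the trust managers decide which server certificates pass.
    static SSLContext clientContext(Path keyStore, char[] keyPass,
                                    Path trustStore, char[] trustPass) throws Exception {
        KeyManagerFactory kmf =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keyStore, keyPass), keyPass); // assumes key password == store password
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustStore, trustPass));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // Usage: java MutualTlsClient <client-keystore> <truststore> <https-url>
    // Passwords come from hypothetical environment variables, not the command line.
    public static void main(String[] args) throws Exception {
        char[] keyPass = System.getenv("CLIENT_KEYSTORE_PASS").toCharArray();
        char[] trustPass = System.getenv("CLIENT_TRUSTSTORE_PASS").toCharArray();
        SSLContext ctx = clientContext(Path.of(args[0]), keyPass, Path.of(args[1]), trustPass);

        HttpClient client = HttpClient.newBuilder().sslContext(ctx).build();
        HttpRequest request = HttpRequest.newBuilder(URI.create(args[2])).GET().build();
        // send() throws if the server rejects the client certificate or presents
        // a certificate the truststore does not cover.
        HttpResponse<Void> response = client.send(request, HttpResponse.BodyHandlers.discarding());
        System.out.println("HTTP " + response.statusCode());
    }
}
```

Because the key material is bound to one HttpClient instead of the whole JVM, different remote endpoints can be given different client certificates.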