Artifactory Binary Repository / RTFACT-7201

Support Client Authorization SSL/TLS in Remote Repositories and Replication

    Details

    • Type: New Feature
    • Status: Resolved
    • Priority: Normal
    • Resolution: Fixed
    • Affects Version/s: 3.5.1, 4.5.1, 4.8.0, 5.4.1
    • Fix Version/s: 5.4.0
    • Component/s: HttpRepo, Replication
    • Labels:

      Description

      Client would like to be able to set the SSL connector in Tomcat to clientAuth=true, to allow client-authenticated SSL as per: http://en.wikipedia.org/wiki/Transport_Layer_Security#Client-authenticated_TLS_handshake

      While you can configure the Artifactory Tomcat to do this in server.xml by putting in an SSL connector like so:

      <Connector
          protocol="HTTP/1.1"
          port="8081" maxThreads="200"
          scheme="https" secure="true" SSLEnabled="true"
          keystoreFile="/JFrogProds/tomcatkeystore" keystorePass="password"
          truststoreFile="/JFrogProds/tomcattruststore" truststorePass="password"
          clientAuth="true" sslProtocol="TLS"/>

      Artifactory-to-Artifactory communications, such as remote repositories and replication, do not work. Under normal circumstances one can set JVM parameters to provide the keystore to the HTTP client, for example:

      -Djavax.net.ssl.keyStore=/var/opt/jfrog/artifactory/.keystore -Djavax.net.ssl.keyStorePassword=changeit

      However, Tomcat does not appear to allow these particular JVM parameters to be passed through. (Although it does allow pass-through of trust-store parameters.)

      We should allow configuration of keys from the Artifactory keystore to support this in push/pull replication and remote repositories.
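
An added example, not part of the original issue and not Artifactory's implementation: how an outbound Java HTTP client can present a client certificate through its own SSLContext instead of the JVM-wide javax.net.ssl.keyStore properties, which is the per-connection behaviour this request asks for. The class name, the argument order and the environment variable names are assumptions; it needs Java 11 or later.

```java
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.file.Path;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Added illustration, not Artifactory code. Arguments: <keystore> <truststore> <https-url>
public class ClientCertRequest {
    // Build an SSLContext that presents the client key from 'keys' and validates
    // the server against 'trust'. Only clients given this context use the key;
    // the JVM-wide javax.net.ssl.* defaults stay untouched.
    static SSLContext mutualTlsContext(KeyStore keys, char[] keyPass, KeyStore trust) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(keys, keyPass); // assumes the key entry password equals the store password
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trust);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    // Read a password from the environment so it never appears on the command line.
    static char[] envPassword(String name) {
        String value = System.getenv(name);
        if (value == null) throw new IllegalStateException("missing environment variable " + name);
        return value.toCharArray();
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 3)
            throw new IllegalArgumentException("usage: ClientCertRequest <keystore> <truststore> <https-url>");
        // Hypothetical variable names; the store type (JKS/PKCS12) is detected from the file.
        char[] keyPass = envPassword("CLIENT_KEYSTORE_PASS");
        char[] trustPass = envPassword("CLIENT_TRUSTSTORE_PASS");
        KeyStore keys = KeyStore.getInstance(Path.of(args[0]).toFile(), keyPass);
        KeyStore trust = KeyStore.getInstance(Path.of(args[1]).toFile(), trustPass);
        HttpClient client = HttpClient.newBuilder()
                .sslContext(mutualTlsContext(keys, keyPass, trust)).build();
        HttpResponse<Void> resp = client.send(
                HttpRequest.newBuilder(URI.create(args[2])).GET().build(),
                HttpResponse.BodyHandlers.discarding());
        // Against a connector with clientAuth="true", a missing or untrusted key fails the handshake.
        System.out.println("HTTP " + resp.statusCode());
    }
}
```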

              People

              Assignee:
              shayb Shay Bagants
              Reporter:
              markg Mark Galpin
              Votes:
              9
              Watchers:
              16