When using cert/key pair for TLS, where is the keystore created

25 views

Skip to first unread message

Dominik Guhr

unread,

Jan 12, 2022, 11:08:04 AM1/12/22

to Quarkus Development mailing list

Hey everyone,

while reading through [1] I had some questions which I hope to find an answer for here.

There is the sentence "Quarkus will first try to load the given files as resources, and uses the filesystem as a fallback".

1) What exactly is meant by "load the given files as resources"? Could someone elaborate?

2) Under what exact circumstances does the filesystem fallback happen, and where does the generated keystore then rely in the filesystem? Can we manipulate this location?

3) When setting quarkus.http.ssl.certificate.key-store-password=your-password and using a cert / key pair, am I correct that the password is used internally for the generated keystore?

I am asking bc. of curiosity, and bc. of a (made up) situation like this: When the generated keystore is generated in the file system somewhere, and standard value is an insecure value like in "password, which is the current default, a possible attack vector may be (given you have access to the container/system in general, and yes I know this opens a whole lot of other doors ;) ) to search this generated keystore at the default location and try opening it using the standard value and thus getting access to potentially valuable certs/keys which could then be misused?

Thanks in advance, and best regards,

Dominik

[1] https://quarkus.io/guides/http-reference#providing-a-certificate-and-key-file

Max Rydahl Andersen

unread,

Jan 12, 2022, 4:45:39 PM1/12/22

to Dominik Guhr, Quarkus Development mailing list

Hi,
This list is for discussing the development of Quarkus and its extensions.
Your question sounds like it is more a question of how to use Quarkus in an application.

To make sure user questions and answers are easy to locate
please use https://github.com/quarkusio/quarkus/discussions or Stack Overflow to
ask Quarkus usage questions.

I encourage you to post the link to your question/post when you have it.

If you still think your question is more about Quarkus development then please follow
up with further details to clarify.

Thank you for using Quarkus!

--
You received this message because you are subscribed to the Google Groups "Quarkus Development mailing list" group.
To unsubscribe from this group and stop receiving emails from it, send an email to quarkus-dev...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/quarkus-dev/CAChHV7D1dsfLHUEyOGYmn-EhUC%3DowxwV66R66ppNCSy0Ac-GiQ%40mail.gmail.com.