View Issue Details

IDProjectCategoryView StatusLast Update
0005162SymmetricDSBugpublic2022-04-12 15:00
Reporterdavidsparkles Assigned Toelong  
Prioritynormal 
Status resolvedResolutionfixed 
Product Version3.12.13 
Target Version3.13.5Fixed in Version3.13.5 
Summary0005162: Keystore becomes invalid after Generating and adding a new Keypair
DescriptionI am using the official SymmetricDS Docker Image, you can find here https://hub.docker.com/r/jumpmind/symmetricds

I start the Container, get a shell inside of it (docker exec -it <container-id> /bin/sh), go to /opt/symmetric-ds/security and doing the exact same steps described in the documentation https://www.symmetricds.org/doc/3.12/html/user-guide.html#_generating_keys

After that I stop and remove the container and start a new one. (I have the security directory mounted, so it does not get lost. I also verified that the new keypair is still in cacerts and keystore).

I get the following logs:
> docker logs --tail 1000 -f f9a25922a8a2
Waiting for server to start
......
Started
2021-12-15 14:38:25,551 WARN [startup] [TransportManagerFactory] [main] No trust store found: java.io.IOException: Invalid keystore format
2021-12-15 14:38:36,791 WARN [startup] [TransportManagerFactory] [main] No trust store found: java.io.IOException: Invalid keystore format

Either here is a bug or the documentation should be updated.

Please let me know if there is any way I can assist you fixing this. Security is very important.
 
Steps To Reproducesee description
Tagskeystore, security

Activities

davidsparkles

2021-12-15 14:43

reporter   ~0002029

One addition:

Before adding the keypair SymmetricDS works just fine with the default (testing) keystore and cacerts.

elong

2021-12-15 18:28

developer   ~0002030

It's working for me. Did you accidentally change the storetype of cacerts to jceks?

davidsparkles

2021-12-21 12:37

reporter   ~0002031

Hi elong, sorry for the late response.
Yeah, that might have been the issue.

I just tested the import of sym.cer into cacerts with -storetype=jks and afterwards SymmetricDS worked.

Still I am a little confused, why keytool -list is telling me that the cacerts file has type jceks.

However, it meight make sense to inklude the hint to use -storetype=jks for the import in the documentation https://www.symmetricds.org/doc/3.12/html/user-guide.html#_generating_keys

Thank you for your help.
Awesome product btw!

Cheers
David

Related Changesets

SymmetricDS: 3.13 8042a4c7

2022-04-12 14:05:44

admin

Details Diff
0005162: add keytool storetype arg Affected Issues
0005162
mod - symmetric-assemble/src/asciidoc/advanced-topics.ad Diff File

Issue History

Date Modified Username Field Change
2021-12-15 14:41 davidsparkles New Issue
2021-12-15 14:41 davidsparkles Tag Attached: keystore
2021-12-15 14:41 davidsparkles Tag Attached: security
2021-12-15 14:43 davidsparkles Note Added: 0002029
2021-12-15 18:28 elong Note Added: 0002030
2021-12-15 18:29 elong Status new => feedback
2021-12-21 12:37 davidsparkles Note Added: 0002031
2021-12-21 12:37 davidsparkles Status feedback => new
2022-04-12 14:06 elong Assigned To => elong
2022-04-12 14:06 elong Status new => resolved
2022-04-12 14:06 elong Resolution open => fixed
2022-04-12 14:06 elong Fixed in Version => 3.13.5
2022-04-12 14:06 elong Target Version => 3.13.5
2022-04-12 15:00 admin Changeset attached => SymmetricDS 3.13 8042a4c7