Answer the question
In order to leave comments, you need to log in
How secure is it to lay out JKS with a certificate without a password?
Uses .jks store for certificates, uses password for validation.
I don't really understand how to formulate the question, but probably something like this
1. Is the password for the certificate used only for validation, or is the private key in .jks encrypted with this password?
2. How safe is it in .git to upload the Java Keystore file itself, if the password to it is not laid out?
I'm writing a simple check for expiration date, but I can't figure out if it's dangerous to put production certificates on a public CI server
Answer the question
In order to leave comments, you need to log in
and I have a counter question: what do production certificates do in CI ?!
shouldn't other certificates be used in CI and testing than the sales one?
There are a lot of coolstoribro. One of the latest: Dodopizza pizzeria testing connected to Yandex combat processing and rolled back payments for some millions. (search on some Habré or gt)
// jks is encrypted with a password from it: https://stackoverflow.com/a/174135 metastatic.org/source/JKS.html
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question