How secure is it to lay out JKS with a certificate without a password?

S

Saboteur2017-10-17 17:03:33

Java

Saboteur, 2017-10-17 17:03:33

Uses .jks store for certificates, uses password for validation.
I don't really understand how to formulate the question, but probably something like this
1. Is the password for the certificate used only for validation, or is the private key in .jks encrypted with this password?
2. How safe is it in .git to upload the Java Keystore file itself, if the password to it is not laid out?
I'm writing a simple check for expiration date, but I can't figure out if it's dangerous to put production certificates on a public CI server

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

A

aol-nnov, 2017-10-17
@saboteur_kiev

and I have a counter question: what do production certificates do in CI ?!
shouldn't other certificates be used in CI and testing than the sales one?
There are a lot of coolstoribro. One of the latest: Dodopizza pizzeria testing connected to Yandex combat processing and rolled back payments for some millions. (search on some Habré or gt)
// jks is encrypted with a password from it: https://stackoverflow.com/a/174135 metastatic.org/source/JKS.html