@GiooDev GiooDev commented Feb 2, 2026

Description

Updating PKI

  • Remove unnecessary timestamping configurations.
  • Do not generate keystores for UI components.
  • Migrate keystores and truststores from proprietary JKS (Java KeyStore) format to industry-standard PKCS12 format.
  • Generate pem certs only for services needed to be loaded in database security/certificates (cas-server & ui-*).

Ansible

  • Update certificates loaded in the database conditionally, based on hosts defined in groups. Unwanted components are not loaded in security/certificates database.
  • Deploying keystores and truststores as p12 instead of jks.

Type of change

  • PKI
  • Ansible
  • Fix
  • Code refactoring

Contributor

  • Programme Vitam

@GiooDev GiooDev added this to the IT 165 milestone Feb 2, 2026
@GiooDev GiooDev self-assigned this Feb 2, 2026
@GiooDev GiooDev added Security Modules update OPS REVIEW Mandatory if deployment/ directory is modified. labels Feb 2, 2026
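
Added example, not part of the pull request or the project's code: a check that a store deployed after the JKS to PKCS12 migration described above really is PKCS12, by looking at its leading bytes instead of its file extension. The file names and sample headers are constructed for illustration.

```python
import struct

JKS_MAGIC = 0xFEEDFEED    # header of the Java "JKS" store format
JCEKS_MAGIC = 0xCECECECE  # header of the Java "JCEKS" store format

def _skip_tag_and_length(buf: bytes, off: int):
    """Offset of the value of the BER/DER TLV starting at off, or None."""
    if off + 2 > len(buf):
        return None
    first = buf[off + 1]
    if first < 0x80:                 # short-form length
        return off + 2
    n = first & 0x7F                 # long form; n == 0 means indefinite length
    if n > 4 or off + 2 + n > len(buf):
        return None
    return off + 2 + n

def classify_store(header: bytes) -> str:
    """Classify a keystore/truststore from its first bytes."""
    if len(header) >= 4:
        magic = struct.unpack(">I", header[:4])[0]
        if magic == JKS_MAGIC:
            return "jks"
        if magic == JCEKS_MAGIC:
            return "jceks"
    # PKCS#12: PFX ::= SEQUENCE { version INTEGER (3), authSafe, macData }
    if header[:1] == b"\x30":
        value = _skip_tag_and_length(header, 0)
        if value is not None and header[value:value + 3] == b"\x02\x01\x03":
            return "pkcs12"
    return "unknown"

def find_legacy(stores: dict) -> list:
    """Names whose content is still JKS/JCEKS, whatever the extension says."""
    return sorted(n for n, h in stores.items()
                  if classify_store(h) in ("jks", "jceks"))

# Constructed sample headers (file names are hypothetical, not from the PR).
SAMPLES = {
    "keystore_cas-server.p12": bytes.fromhex("30820a4e020103308209f4"),
    "truststore_server.p12": bytes.fromhex("feedfeed0000000200000001"),  # renamed JKS
    "truststore_old.jks": bytes.fromhex("feedfeed0000000200000003"),
    "ui-portal.pem": b"-----BEGIN CERTIFICATE-----\n",
}

if __name__ == "__main__":
    for name, head in SAMPLES.items():
        print(f"{name}: {classify_store(head)}")
    print("still legacy:", find_legacy(SAMPLES))
```

To check deployed files, pass the first 16 bytes of each file, read in binary mode, to `classify_store`.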

vitam-prg commented Feb 2, 2026

Checkmarx One – Scan Summary & Details (44fe3b7d-7fa3-49a2-9a03-910f0b019edc)

Fixed Issues (13)

Great job! The following issues were fixed in this Pull Request

Severity Issue Source File / Package
LOW Log_Forging /api/api-referential/referential/src/main/java/fr/gouv/vitamui/referential/server/rest/LogbookManagementOperationController.java: 80
LOW Log_Forging /api/api-referential/referential/src/main/java/fr/gouv/vitamui/referential/server/rest/LogbookManagementOperationController.java: 106
LOW Log_Forging /api/api-referential/referential/src/main/java/fr/gouv/vitamui/referential/server/rest/LogbookManagementOperationController.java: 65
LOW Log_Forging /api/api-referential/referential/src/main/java/fr/gouv/vitamui/referential/server/rest/LogbookManagementOperationController.java: 80
LOW Log_Forging /api/api-referential/referential/src/main/java/fr/gouv/vitamui/referential/server/rest/LogbookManagementOperationController.java: 105
LOW Log_Forging /api/api-referential/referential/src/main/java/fr/gouv/vitamui/referential/server/rest/LogbookManagementOperationController.java: 105
LOW Log_Forging /api/api-referential/referential/src/main/java/fr/gouv/vitamui/referential/server/rest/LogbookManagementOperationController.java: 106
LOW Log_Forging /api/api-referential/referential/src/main/java/fr/gouv/vitamui/referential/server/rest/LogbookManagementOperationController.java: 80
LOW Log_Forging /api/api-referential/referential/src/main/java/fr/gouv/vitamui/referential/server/rest/LogbookManagementOperationController.java: 80
LOW Log_Forging /api/api-referential/referential/src/main/java/fr/gouv/vitamui/referential/server/rest/LogbookManagementOperationController.java: 81
LOW Log_Forging /api/api-referential/referential/src/main/java/fr/gouv/vitamui/referential/server/rest/LogbookManagementOperationController.java: 105
LOW Log_Forging /api/api-referential/referential/src/main/java/fr/gouv/vitamui/referential/server/rest/LogbookManagementOperationController.java: 106
LOW Log_Forging /api/api-referential/referential/src/main/java/fr/gouv/vitamui/referential/server/rest/LogbookManagementOperationController.java: 65


@GiooDev GiooDev force-pushed the story_15673 branch 2 times, most recently from fd0cb24 to f66e6ca Compare February 2, 2026 19:03
@GiooDev GiooDev changed the title Story #15673: Major PKI cleaning Story #15673 & #15675: Major PKI cleaning Feb 2, 2026
@GiooDev GiooDev force-pushed the story_15673 branch 4 times, most recently from 9d993bd to 5c002f1 Compare February 2, 2026 22:12
@GiooDev GiooDev changed the title Story #15673 & #15675: Major PKI cleaning Story #15673 & #15675: feat(pki) - Migrate to PKCS12 and optimize certificate generation. Feb 3, 2026
@@ -33,7 +33,7 @@
- name: List existing external archiving system truststores
find:
paths: "{{ vitamui_folder_conf }}"
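
Review bot: on the `find` task "List existing external archiving system truststores" (`paths: "{{ vitamui_folder_conf }}"`), the visible context stops before any pattern or file-type filter. Since this PR switches deployed truststores from jks to p12, please confirm the filter matches the new `.p12` files, and say in the task name or a comment whether truststores left behind as `.jks` by earlier deployments are meant to be picked up here too.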

Also change the application-dev.yml config to point to p12 instead of jks
