Story #15211: separate client and server certificate

Author: mkhediri

api/api-archive-search/archive-search/src/main/resources/application-dev.yml

@@ -25,10 +25,10 @@ server:
   host:
   port: 8089
   ssl:
-    key-store: ../../../dev-deployment/environments/keystores/server/localhost/keystore_archive-search.jks
+    key-store: ../../../dev-deployment/environments/keystores/vitam-ui-service/server/localhost/keystore_archive-search.jks
     key-store-password: changeme
     key-password: changeme
-    trust-store: ../../../dev-deployment/environments/keystores/server/truststore_server.jks
+    trust-store: ../../../dev-deployment/environments/keystores/vitam-ui-service/truststore_vitam-ui.jks
     trust-store-password: changeme
     client-auth: want
     enabled-protocols: TLSv1.2,TLSv1.3
@@ -53,10 +53,10 @@ archive-search:
     secure: true
     ssl-configuration:
       truststore:
-        key-path: ../../../dev-deployment/environments/keystores/server/truststore_server.jks
+        key-path: ../../../dev-deployment/environments/keystores/vitam-ui-service/truststore_vitam-ui.jks
         key-password: changeme
       keystore:
-        key-path: ../../../dev-deployment/environments/keystores/server/localhost/keystore_archive-search.jks
+        key-path: ../../../dev-deployment/environments/keystores/vitam-ui-service/clients/keystore_archive-search.jks
         key-password: changeme
         type: JKS
       hostname-verification: false

api/api-collect/collect/src/main/resources/application-dev.yml

@@ -25,10 +25,10 @@ server:
   host:
   port: 8090
   ssl:
-    key-store: ../../../dev-deployment/environments/keystores/server/localhost/keystore_collect.jks
+    key-store: ../../../dev-deployment/environments/keystores/vitam-ui-service/server/localhost/keystore_collect.jks
     key-store-password: changeme
     key-password: changeme
-    trust-store: ../../../dev-deployment/environments/keystores/server/truststore_server.jks
+    trust-store: ../../../dev-deployment/environments/keystores/vitam-ui-service/truststore_vitam-ui.jks
     trust-store-password: changeme
     client-auth: want
     enabled-protocols: TLSv1.2,TLSv1.3
@@ -51,10 +51,10 @@ collect:
     secure: true
     ssl-configuration:
       truststore:
-        key-path: ../../../dev-deployment/environments/keystores/server/truststore_server.jks
+        key-path: ../../../dev-deployment/environments/keystores/vitam-ui-service/truststore_vitam-ui.jks
         key-password: changeme
       keystore:
-        key-path: ../../../dev-deployment/environments/keystores/server/localhost/keystore_collect.jks
+        key-path: ../../../dev-deployment/environments/keystores/vitam-ui-service/clients/keystore_collect.jks
         key-password: changeme
         type: JKS
       hostname-verification: false

api/api-gateway/src/main/resources/application-dev.yml

@@ -1,11 +1,11 @@
 server:
   port: 8070
   ssl:
-    key-store: ../../dev-deployment/environments/keystores/server/localhost/keystore_api-gateway.jks
+    key-store: ../../dev-deployment/environments/keystores/vitam-ui-service/server/localhost/keystore_api-gateway.jks
     key-store-password: changeme
     key-password: changeme
     client-auth: need
-    trust-store: ../../dev-deployment/environments/keystores/server/truststore_server.jks
+    trust-store: ../../dev-deployment/environments/keystores/vitam-ui-service/truststore_vitam-ui.jks
     trust-store-password: changeme
   max-http-request-header-size: 16KB
 

api/api-iam/iam/src/main/resources/application-dev.yml

@@ -22,10 +22,10 @@ server:
   host:
   port: 8083
   ssl:
-    key-store: ../../../dev-deployment/environments/keystores/server/localhost/keystore_iam.jks
+    key-store: ../../../dev-deployment/environments/keystores/vitam-ui-service/server/localhost/keystore_iam.jks
     key-store-password: changeme
     key-password: changeme
-    trust-store: ../../../dev-deployment/environments/keystores/server/truststore_server.jks
+    trust-store: ../../../dev-deployment/environments/keystores/vitam-ui-service/truststore_vitam-ui.jks
     trust-store-password: changeme
     client-auth: want
     enabled-protocols: TLSv1.2,TLSv1.3
@@ -53,10 +53,10 @@ cas-client:
   secure: true
   ssl-configuration:
     truststore:
-      key-path: ../../../dev-deployment/environments/keystores/server/truststore_server.jks
+      key-path: ../../../dev-deployment/environments/keystores/vitam-ui-service/truststore_vitam-ui.jks
       key-password: changeme
     keystore:
-      key-path: ../../../dev-deployment/environments/keystores/server/localhost/keystore_iam.jks
+      key-path: ../../../dev-deployment/environments/keystores/vitam-ui-service/clients/keystore_iam.jks
       key-password: changeme
       type: JKS
     hostname-verification: false
@@ -112,11 +112,11 @@ provisioning-client:
         secure: false
         ssl-configuration:
           keystore:
-            key-path: ../../../dev-deployment/environments/keystores/server/localhost/keystore_iam.jks
+            key-path: ../../../dev-deployment/environments/keystores/vitam-ui-service/clients/keystore_iam.jks
             key-password: changeme
             type: JKS
           truststore:
-            key-path: ../../../dev-deployment/environments/keystores/server/truststore_server.jks
+            key-path: ../../../dev-deployment/environments/keystores/vitam-ui-service/truststore_vitam-ui.jks
             key-password: changeme
             type: JKS
           hostname-verification: false
@@ -126,11 +126,11 @@ provisioning-client:
         secure: true
         ssl-configuration:
           keystore:
-            key-path: ../../../dev-deployment/environments/keystores/server/localhost/keystore_iam.jks
+            key-path: ../../../dev-deployment/environments/keystores/vitam-ui-service/clients/keystore_iam.jks
             key-password: changeme
             type: JKS
           truststore:
-            key-path: ../../../dev-deployment/environments/keystores/server/truststore_server.jks
+            key-path: ../../../dev-deployment/environments/keystores/vitam-ui-service/truststore_vitam-ui.jks
             key-password: changeme
             type: JKS
           hostname-verification: false

api/api-ingest/ingest/src/main/resources/application-dev.yml

@@ -15,10 +15,10 @@ server:
   host:
   port: 8088
   ssl:
-    key-store: ../../../dev-deployment/environments/keystores/server/localhost/keystore_ingest.jks
+    key-store: ../../../dev-deployment/environments/keystores/vitam-ui-service/server/localhost/keystore_ingest.jks
     key-store-password: changeme
     key-password: changeme
-    trust-store: ../../../dev-deployment/environments/keystores/server/truststore_server.jks
+    trust-store: ../../../dev-deployment/environments/keystores/vitam-ui-service/truststore_vitam-ui.jks
     trust-store-password: changeme
     client-auth: want
     enabled-protocols: TLSv1.2,TLSv1.3
@@ -43,10 +43,10 @@ ingest:
     secure: true
     ssl-configuration:
       truststore:
-        key-path: ../../../dev-deployment/environments/keystores/server/truststore_server.jks
+        key-path: ../../../dev-deployment/environments/keystores/vitam-ui-service/truststore_vitam-ui.jks
         key-password: changeme
       keystore:
-        key-path: ../../../dev-deployment/environments/keystores/server/localhost/keystore_ingest.jks
+        key-path: ../../../dev-deployment/environments/keystores/vitam-ui-service/clients/keystore_ingest.jks
         key-password: changeme
         type: JKS
       hostname-verification: false

api/api-pastis/pastis/src/main/resources/application-dev.yml

@@ -35,10 +35,10 @@ server:
   host:
   port: 8015
   ssl:
-    key-store: ../../../dev-deployment/environments/keystores/server/localhost/keystore_pastis.jks
+    key-store: ../../../dev-deployment/environments/keystores/vitam-ui-service/server/localhost/keystore_pastis.jks
     key-store-password: changeme
     key-password: changeme
-    trust-store: ../../../dev-deployment/environments/keystores/server/truststore_server.jks
+    trust-store: ../../../dev-deployment/environments/keystores/vitam-ui-service/truststore_vitam-ui.jks
     trust-store-password: changeme
     client-auth: want
     enabled-protocols: TLSv1.1,TLSv1.2,TLSv1.3
@@ -62,10 +62,10 @@ pastis:
     secure: true
     ssl-configuration:
       truststore:
-        key-path: ../../../dev-deployment/environments/keystores/server/truststore_server.jks
+        key-path: ../../../dev-deployment/environments/keystores/vitam-ui-service/truststore_vitam-ui.jks
         key-password: changeme
       keystore:
-        key-path: ../../../dev-deployment/environments/keystores/server/localhost/keystore_pastis.jks
+        key-path: ../../../dev-deployment/environments/keystores/vitam-ui-service/clients/keystore_pastis.jks
         key-password: changeme
         type: JKS
       hostname-verification: false

api/api-referential/referential/src/main/resources/application-dev.yml

@@ -19,10 +19,10 @@ server:
   port: 8087
   tomcat.connection-timeout: 60000
   ssl:
-    key-store: ../../../dev-deployment/environments/keystores/server/localhost/keystore_referential.jks
+    key-store: ../../../dev-deployment/environments/keystores/vitam-ui-service/server/localhost/keystore_referential.jks
     key-store-password: changeme
     key-password: changeme
-    trust-store: ../../../dev-deployment/environments/keystores/server/truststore_server.jks
+    trust-store: ../../../dev-deployment/environments/keystores/vitam-ui-service/truststore_vitam-ui.jks
     trust-store-password: changeme
     client-auth: want
     enabled-protocols: TLSv1.2,TLSv1.3
@@ -49,10 +49,10 @@ referential:
     secure: true
     ssl-configuration:
       truststore:
-        key-path: ../../../dev-deployment/environments/keystores/server/truststore_server.jks
+        key-path: ../../../dev-deployment/environments/keystores/vitam-ui-service/truststore_vitam-ui.jks
         key-password: changeme
       keystore:
-        key-path: ../../../dev-deployment/environments/keystores/server/localhost/keystore_referential.jks
+        key-path: ../../../dev-deployment/environments/keystores/vitam-ui-service/clients/keystore_referential.jks
         key-password: changeme
         type: JKS
       hostname-verification: false

cas/cas-server/src/main/config/cas-server-application-dev.yml

@@ -9,12 +9,12 @@ spring:
 server:
   ssl:
     #client-auth: want
-    key-store: ../../dev-deployment/environments/keystores/server/localhost/keystore_cas-server.jks
+    key-store: ../../dev-deployment/environments/keystores/vitam-ui-service/server/localhost/keystore_cas-server.jks
     key-store-password: changeme
     key-password: changeme
     enabled-protocols: TLSv1.2,TLSv1.3
     ciphers: ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384
-    #trust-store: ../../dev-deployment/environments/keystores/server/truststore_server.jks
+    #trust-store: ../../dev-deployment/environments/keystores/vitam-ui-service/truststore_vitam-ui.jks
     #trust-store-password: changeme
   host: dev.vitamui.com
   port: 8080
@@ -49,11 +49,11 @@ iam-client:
   secure: true
   ssl-configuration:
     keystore:
-      key-path: ../../dev-deployment/environments/keystores/server/localhost/keystore_cas-server.jks
+      key-path: ../../dev-deployment/environments/keystores/vitam-ui-service/clients/keystore_cas-server.jks
       key-password: changeme
       type: JKS
     truststore:
-      key-path: ../../dev-deployment/environments/keystores/server/truststore_server.jks
+      key-path: ../../dev-deployment/environments/keystores/vitam-ui-service/truststore_vitam-ui.jks
       key-password: changeme
     hostname-verification: false
 

deployment/ansible-vitamui/app_api_gateway.yml

@@ -8,5 +8,6 @@
     vitamui_struct: "{{ vitamui.api_gateway }}"
     vitamui_certificate_type: external
     password_keystore: "{{ keystores_server_api_gateway }}"
+    password_client_keystore: "{{ keystores_client_vitam_api_gateway }}"
     password_truststore: "{{ truststores_client_external }}"
     vitam_cert: "{{ vitam_certs.vitamui }}"

deployment/ansible-vitamui/app_archive_search.yml

@@ -8,5 +8,6 @@
     vitamui_struct: "{{ vitamui.archive_search }}"
     vitamui_certificate_type: external
     password_keystore: "{{ keystores_server_archive_search }}"
+    password_client_keystore: "{{ keystores_client_vitam_archive_search }}"
     password_truststore: "{{ truststores_client_external }}"
     vitam_cert: "{{ vitam_certs.vitamui }}"