starred/Quasar
1
0
Fork 0
mirror of https://github.com/quasar/Quasar.git synced 2026-04-25 23:35:58 +03:00
Code Issues 137 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #757] Password protected certificate .p12 files #501

New issue
Closed
opened 2026-02-27 15:50:39 +03:00 by kerem · 3 comments
kerem commented 2026-02-27 15:50:39 +03:00
Owner
Copy link

Originally created by @H4xl0r on GitHub (Feb 23, 2019).
Original GitHub issue: https://github.com/quasar/Quasar/issues/757

Would be nice to import own .p12 certs.

It would work , but he prompts with some PW wrong errors.
(generating randoms at moment)

So when importing , asking for PW.... Or print out PW when generating one.
Help would be nice thanks

Originally created by @H4xl0r on GitHub (Feb 23, 2019). Original GitHub issue: https://github.com/quasar/Quasar/issues/757 Would be nice to import own .p12 certs. It would work , but he prompts with some PW wrong errors. (generating randoms at moment) So when importing , asking for PW.... Or print out PW when generating one. Help would be nice thanks
kerem 2026-02-27 15:50:39 +03:00
kerem commented 2026-02-27 15:50:40 +03:00
Author
Owner
Copy link

@ndragon798 commented on GitHub (Dec 3, 2019):

Fixed in pull request #789

<!-- gh-comment-id:560988905 --> @ndragon798 commented on GitHub (Dec 3, 2019): Fixed in pull request #789
kerem commented 2026-02-27 15:50:40 +03:00
Author
Owner
Copy link

@H4xl0r commented on GitHub (Dec 6, 2019):

good job !

<!-- gh-comment-id:562669148 --> @H4xl0r commented on GitHub (Dec 6, 2019): good job !
kerem commented 2026-02-27 15:50:40 +03:00
Author
Owner
Copy link

@MaxXor commented on GitHub (Mar 12, 2023):

If you have the permissions restrictive enough on the private key (e.g. only letting Quasar user read it) this would probably be good enough. Quasar will have to keep the private key loaded in memory anyway; this might be harder for an attacker to recover, but if they have root access to the box you should consider the key compromised regardless.

I'd recommend locking down permissions on the certificate file and not having a password on it.

<!-- gh-comment-id:1465228911 --> @MaxXor commented on GitHub (Mar 12, 2023): If you have the permissions restrictive enough on the private key (e.g. only letting Quasar user read it) this would probably be good enough. Quasar will have to keep the private key loaded in memory anyway; this might be harder for an attacker to recover, but if they have root access to the box you should consider the key compromised regardless. I'd recommend locking down permissions on the certificate file and not having a password on it.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
dev
v1.4.1
v1.4.0
v1.3.0.0
v1.2.0.0
v1.1.0.0
v1.0.0.0
RELEASE4.1
RELEASE4
RELEASE3
RELEASE2
RELEASE1
Labels
Clear labels   
bug

   
bug

   
cant-reproduce

   
discussion

   
duplicate

   
easy

   
enhancement

   
help wanted

   
improvement

   
invalid

   
need more info

   
pull-request

Mirrored from GitHub Pull Request

  
question

   
wont-add
No labels
bug
bug
cant-reproduce
discussion
duplicate
easy
enhancement
help wanted
improvement
invalid
need more info
pull-request
question
wont-add
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/Quasar#501
No description provided.