[KAFKA-5519] Support for multiple certificates in a single keystore - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: 0.10.2.1
Fix Version/s: None
Component/s: security
Labels:
- upstream-issue

Description

Background
Currently, we need to have a keystore exclusive to the component with exactly one key in it. Looking at the JSSE Reference guide, it seems like we would need to introduce our own KeyManager into the SSLContext which selects a configurable key alias name.
https://docs.oracle.com/javase/7/docs/api/javax/net/ssl/X509KeyManager.html
has methods for dealing with aliases.
The goal here to use a specific certificate (with proper ACLs set for this client), and not just the first one that matches.
Looks like it requires a code change to the SSLChannelBuilder

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Alla Tumarkin

Votes:: 2 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 26/Jun/17 18:47

Updated:: 19/Dec/18 13:16