Posted to jira@kafka.apache.org by "Tigran Margaryan (Jira)" <ji...@apache.org> on 2021/12/05 09:30:00 UTC

[jira] [Commented] (KAFKA-13247) Adding functionality for loading private key entry by alias from the keystore

    [ https://issues.apache.org/jira/browse/KAFKA-13247?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17453550#comment-17453550 ] 

Tigran Margaryan commented on KAFKA-13247:
------------------------------------------

Hi [~dongjin] 

Thank you for looking into this issue and sorry for the late response.

Imagine the case where you own multiple services/microservices within one project and each of them (as a client) should connect to other applications/servers via Mutual TLS, e.g. Kafka Broker, another secured server etc. The client's private key for Kafka cannot be used for connecting to other secured servers and vice versa. For this case the project's keystore should contain all the clients' certificates, i.e. one for connecting to Kafka, another one for connecting to a secured server etc. Hence there should be a possibility to choose the "right" private key while establishing the connection to the corresponding application/server.

> Adding functionality for loading private key entry by alias from the keystore
> -----------------------------------------------------------------------------
>
>                 Key: KAFKA-13247
>                 URL: https://issues.apache.org/jira/browse/KAFKA-13247
>             Project: Kafka
>          Issue Type: Improvement
>            Reporter: Tigran Margaryan
>            Priority: Major
>              Labels: kip-required
>
> Hello team,
> While configuring SSL for Kafka connectivity, I found out that there is no possibility to choose/load the private key entry by alias from the keystore defined via org.apache.kafka.common.config.SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG. It turns out that the keystore could not have multiple private key entries.
> I kindly ask you to add that config (smth. like SSL_KEY_ALIAS_CONFIG) into SslConfigs with the corresponding functionality which should load only the private key entry by the defined alias.
>  
> Thanks in advance. 



--
This message was sent by Atlassian Jira
(v8.20.1#820001)
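
The alias selection requested in this thread, sketched with the standard Java keystore API as an added example that is not part of the original message or of Kafka's code: it copies one private key entry out of a shared multi-entry keystore into an in-memory keystore, so the resulting key manager can only ever present that client certificate. The class name, the PKCS12 store type, the command-line arguments and a key password equal to the store password are assumptions; wiring the result into a Kafka client is not shown.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;

// Hypothetical helper class, not a Kafka API.
public final class AliasKeySelector {

    /** Returns a new in-memory keystore holding only the private key entry stored under alias. */
    static KeyStore isolateAlias(KeyStore source, String alias, char[] keyPassword)
            throws GeneralSecurityException, IOException {
        // Reject missing aliases and trusted-certificate-only entries before unlocking anything.
        if (!source.isKeyEntry(alias)) {
            throw new GeneralSecurityException("No key entry for alias: " + alias);
        }
        KeyStore.ProtectionParameter prot = new KeyStore.PasswordProtection(keyPassword);
        KeyStore.Entry entry = source.getEntry(alias, prot);
        if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
            throw new GeneralSecurityException("Alias is not a private key entry: " + alias);
        }
        KeyStore single = KeyStore.getInstance(source.getType());
        single.load(null, null);             // start empty; nothing is written to disk
        single.setEntry(alias, entry, prot); // key plus its certificate chain
        return single;
    }

    public static void main(String[] args) throws Exception {
        // Assumed arguments: <keystore path> <password> <alias>
        char[] password = args[1].toCharArray();
        KeyStore all = KeyStore.getInstance("PKCS12");
        try (InputStream in = Files.newInputStream(Paths.get(args[0]))) {
            all.load(in, password);
        }
        KeyStore only = isolateAlias(all, args[2], password);

        // The key manager sees a single entry, so no other client key can be selected.
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(only, password);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), null, null); // default trust managers and randomness
        System.out.println("Entries visible to TLS: " + only.size() + " (" + args[2] + ")");
    }
}
```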