Posted to jira@kafka.apache.org by "sebastien diaz (JIRA)" <ji...@apache.org> on 2018/05/24 09:36:00 UTC

[jira] [Commented] (KAFKA-5519) Support for multiple certificates in a single keystore

    [ https://issues.apache.org/jira/browse/KAFKA-5519?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16488721#comment-16488721 ] 

sebastien diaz commented on KAFKA-5519:
---------------------------------------

I'm working for a future production with a centralized monitoring tool.

Mixing different encryption technologies for JMX/RMI/... on a WebLogic server. The usage of a single keystore on the same server is not optional and by server design.

Please add a config setCertAlias for clients/producer/consumer.

> Support for multiple certificates in a single keystore
> ------------------------------------------------------
>
>                 Key: KAFKA-5519
>                 URL: https://issues.apache.org/jira/browse/KAFKA-5519
>             Project: Kafka
>          Issue Type: New Feature
>          Components: security
>    Affects Versions: 0.10.2.1
>            Reporter: Alla Tumarkin
>            Priority: Major
>              Labels: upstream-issue
>
> Background
> Currently, we need to have a keystore exclusive to the component with exactly one key in it. Looking at the JSSE Reference guide, it seems like we would need to introduce our own KeyManager into the SSLContext which selects a configurable key alias name.
> https://docs.oracle.com/javase/7/docs/api/javax/net/ssl/X509KeyManager.html 
> has methods for dealing with aliases.
> The goal here is to use a specific certificate (with proper ACLs set for this client), and not just the first one that matches.
> Looks like it requires a code change to the SSLChannelBuilder
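
The approach described in the issue, a KeyManager placed into the SSLContext that selects one configured key alias, could look like the following. This is an added example, not code from Kafka or from this thread; `FixedAliasKeyManager` and `contextFor` are hypothetical names, and it assumes an Oracle/OpenJDK JVM (the "SunX509" key manager) and a key password equal to the keystore password.

```java
import java.io.InputStream;
import java.net.Socket;
import java.nio.file.*;
import java.security.*;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

// Added example (hypothetical class): pins TLS key selection to one keystore alias.
final class FixedAliasKeyManager extends X509ExtendedKeyManager {
    private final X509ExtendedKeyManager delegate;
    private final String alias;

    FixedAliasKeyManager(X509ExtendedKeyManager delegate, String alias) {
        // Fail at start-up, not mid-handshake, if the alias has no private key entry.
        if (delegate.getPrivateKey(alias) == null)
            throw new IllegalArgumentException("no private key under alias " + alias);
        this.delegate = delegate;
        this.alias = alias;
    }

    // Socket-based and SSLEngine-based selection both answer with the pinned alias.
    @Override public String chooseClientAlias(String[] t, Principal[] i, Socket s) { return alias; }
    @Override public String chooseServerAlias(String t, Principal[] i, Socket s) { return alias; }
    @Override public String chooseEngineClientAlias(String[] t, Principal[] i, SSLEngine e) { return alias; }
    @Override public String chooseEngineServerAlias(String t, Principal[] i, SSLEngine e) { return alias; }
    @Override public String[] getClientAliases(String t, Principal[] i) { return new String[] {alias}; }
    @Override public String[] getServerAliases(String t, Principal[] i) { return new String[] {alias}; }

    // Other entries in the shared keystore are never handed to the TLS layer.
    @Override public X509Certificate[] getCertificateChain(String a) {
        return alias.equals(a) ? delegate.getCertificateChain(a) : null;
    }
    @Override public PrivateKey getPrivateKey(String a) {
        return alias.equals(a) ? delegate.getPrivateKey(a) : null;
    }

    // Builds an SSLContext whose only key manager is pinned to `alias`.
    static SSLContext contextFor(Path keystore, char[] password, String alias) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = Files.newInputStream(keystore)) { ks.load(in, password); }
        // Assumption: "SunX509" reports aliases exactly as stored in the keystore.
        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
        kmf.init(ks, password); // assumption: key password == store password
        for (KeyManager km : kmf.getKeyManagers()) {
            if (km instanceof X509ExtendedKeyManager) {
                SSLContext ctx = SSLContext.getInstance("TLS");
                // null trust managers and SecureRandom select the JVM defaults
                ctx.init(new KeyManager[] {new FixedAliasKeyManager((X509ExtendedKeyManager) km, alias)}, null, null);
                return ctx;
            }
        }
        throw new IllegalStateException("no X509ExtendedKeyManager available");
    }
}
```

The wrapper ignores the key types and issuers requested by the peer, so the handshake fails if the pinned entry does not match them, rather than falling back to another certificate in the keystore.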


