You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@activemq.apache.org by "Brian Reinhold (JIRA)" <ji...@apache.org> on 2013/11/24 22:35:35 UTC

[jira] [Created] (APLO-341) SSL server configuration does not support separate truststore

Brian Reinhold created APLO-341:
-----------------------------------

             Summary: SSL server configuration does not support separate truststore
                 Key: APLO-341
                 URL: https://issues.apache.org/jira/browse/APLO-341
             Project: ActiveMQ Apollo
          Issue Type: Improvement
          Components: apollo-dto
    Affects Versions: 1.6
         Environment: Windows 7 Java: Suspect all environements
            Reporter: Brian Reinhold


When trying to configure the apollo broker to support client authentication there is no support for placing trusted client certificates in a separate truststore. One must place the certificates in the keystore containing the server's private key.

The common practice (as also done in ActiveMQ) is to place trusted certificates in a truststore that contains only trusted certificates (one may wish to interactively add trusted client certificates to this truststore) whereas the keystore containing the private key is locked up tight as a drum.



--
This message was sent by Atlassian JIRA
(v6.1#6144)