[jira] [Created] (OOZIE-3049) Provision to pass Key alias with Oozie SSL

["HARIKRISHNAN Ck (JIRA)" <ji...@apache.org>]

HARIKRISHNAN Ck created OOZIE-3049:
--------------------------------------

             Summary: Provision to pass Key alias with Oozie SSL
                 Key: OOZIE-3049
                 URL: https://issues.apache.org/jira/browse/OOZIE-3049
             Project: Oozie
          Issue Type: Improvement
            Reporter: HARIKRISHNAN Ck
            Priority: Minor


Currently, there are provisions to set the keyStore and keyPassword. Per Oozie documentation:

OOZIE_HTTPS_KEYSTORE_FILE : The location of the keystore file containing the certificate information. Default value ${HOME}/.keystore (i.e. the home dir of the Oozie user).

OOZIE_HTTPS_KEYSTORE_PASS : The password of the keystore file. Default value password 

However, there is no provision to set the keySotreAlias. In a Production Cluster there are good chances of having multiple keys in a kesytore and it's likely possible that multiple keys are present.
Per tomcat documentation : 
keyAlias: The alias used for the server key and certificate in the keystore. If not specified, the first key read from the keystore will be used. The order in which keys are read from the keystore is implementation dependent. It may not be the case that keys are read from the keystore in the same order as they were added. If more than one key is present in the keystore it is strongly recommended that a keyAlias is configured to ensure that the correct key is used.


 The work around would be to edit the server.xml and add the keyAlias field. Editing "server.xml" is not a recommended solution as this has to be done every time oozie-setup.sh script is executed also these steps are not documented any where. We should have a variable which can be set in the oozie-env.sh





--
This message was sent by Atlassian JIRA
(v6.4.14#64029)