kafka-jira mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Alla Tumarkin (JIRA)" <j...@apache.org>
Subject [jira] [Created] (KAFKA-5519) Support for multiple certificates in a single keystore
Date Mon, 26 Jun 2017 18:48:00 GMT
Alla Tumarkin created KAFKA-5519:
------------------------------------

             Summary: Support for multiple certificates in a single keystore
                 Key: KAFKA-5519
                 URL: https://issues.apache.org/jira/browse/KAFKA-5519
             Project: Kafka
          Issue Type: New Feature
          Components: security
    Affects Versions: 0.10.2.1
            Reporter: Alla Tumarkin


Background
Currently, we need to have a keystore exclusive to the component with exactly one key in it.
Looking at the JSSE Reference guide, it seems like we would need to introduce our own KeyManager
into the SSLContext which selects a configurable key alias name.
https://docs.oracle.com/javase/7/docs/api/javax/net/ssl/X509KeyManager.html 
has methods for dealing with aliases.
The goal here to use a specific certificate (with proper ACLs set for this client), and not
just the first one that matches.
Looks like it requires a code change to the SSLChannelBuilder



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message