qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rob Godfrey <rob.j.godf...@gmail.com>
Subject Re: [Java Broker] Usage of any certificate from keystore
Date Thu, 26 Oct 2017 14:49:28 GMT
On 26 October 2017 at 13:27, Vavricka <vavricka.tomas@gmail.com> wrote:

> Hi,
>
> I have working amqps in Java broker. Clients can connect without any
> issues.
>
> You can specify certificate alias, if there are multiple certificates in
> keystore. I wonder if there is possibility to use any of certificates from
> keystore. I tried '*' as certificate alias, but alias from keystore is
> expected.
>
>
I'm not sure I really understand the requirement here... it seems odd to
say "pick a random certificate from this keystore"... Something like "pick
a *valid* certificate from this keystore with the furthest away expiration
date" might make more sense I think (otherwise you'd still need to remember
to delete the expired certificate some time).  Ultimately we might also
want to introduce something to choose which certificate is served up
depending on the SNI in the client request, but that's probably a separate
piece of work.

-- Rob

Usage of any certificate from keystore can be helpful in situations when
> certificate is expiring and it needs to be replaced by newer certificate
> (certificates can overlap).
>
> Vavricka
>
>
>
> --
> Sent from: http://qpid.2158936.n2.nabble.com/Apache-Qpid-users-
> f2158936.html
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
> For additional commands, e-mail: users-help@qpid.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message