From: Christopher Powell
To: "user@zookeeper.apache.org"
Subject: Zookeeper + Netty + SSL + PKI
Date: Tue, 16 Oct 2012 12:42:27 +0000

Hi there,

I am in the process of deploying my first system based on Zookeeper and I need to have Zookeeper client-server communication properly authenticated and encrypted.

As far as authentication I got ACLs working fine but in regards to encryption the only plausible technique I found was using stunnel as an SSL tunnel.

Seeing as the 3.4 version of Zookeeper now has Netty support and the documentation mentioned that Netty supports encryption and authentication out of the box I switched to NettyServerCnxnFactory.

However the documentation is still missing as to how to actually enable encryption and authentication. All I found in the docs is:

TBD - how to manage encryption
TBD - how to manage certificates

Can someone please offer some insight as to how I can get this working?

Thanks in advance,
Chris