[ 
https://issues.apache.org/jira/browse/CASSANDRA-17513?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17523805#comment-17523805
 ] 

Maulin Vasavada edited comment on CASSANDRA-17513 at 4/18/22 11:49 PM:
-----------------------------------------------------------------------

[~Jyothsnakonisa] and [~djoshi] - would it be possible to put both private keys 
- server and client - in the same keystore? I've never tried it, so I'm not sure, 
but would Java be able to use the correct certificate based on whether it 
requires a server certificate or a client certificate? 

I think writing up [a sample https 
server/client|https://bugs.openjdk.java.net/browse/JDK-8262186] locally could 
help test/verify that. However, so far, from a Java code standpoint, I am not 
able to locate the place where it checks the OID/extendedKeyUsage field for a 
client/server cert read from a keystore.


was (Author: maulin.vasavada):
[~Jyothsnakonisa] and [~djoshi] - would it be possible to put both private keys 
- server and client - in the same keystore? I've never tried it, so I'm not sure, 
but would Java be able to use the correct certificate based on whether it 
requires a server certificate or a client certificate? 

I think writing up [a sample https 
server/client|https://bugs.openjdk.java.net/browse/JDK-8262186] locally could 
help test/verify that.

> Add new property to pass keystore for outbound connections
> ----------------------------------------------------------
>
>                 Key: CASSANDRA-17513
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-17513
>             Project: Cassandra
>          Issue Type: Bug
>            Reporter: Jyothsna Konisa
>            Assignee: Jyothsna Konisa
>            Priority: Normal
>          Time Spent: 1h 20m
>  Remaining Estimate: 0h
>
> The same keystore is being set for both inbound and outbound connections, but 
> we should use a keystore with a server certificate for inbound connections and 
> a keystore with client certificates for outbound connections. So we should add 
> a new property in Cassandra.yaml to pass the outbound keystore and use it in 
> SSLContextFactory for creating the outbound SSL context.
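
One way to run the local test the comment proposes, as an added example (not code from the ticket, the commenter, or Cassandra): it lists the extendedKeyUsage of every key entry in a keystore, then prints which alias each JSSE key manager picks for the client and server roles. The class name `KeystoreRoleCheck` is hypothetical, and the code assumes a throwaway test keystore whose key password equals the store password.

```java
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.*;

public class KeystoreRoleCheck {  // hypothetical name, not a Cassandra class
    static final String SERVER_AUTH = "1.3.6.1.5.5.7.3.1"; // id-kp-serverAuth
    static final String CLIENT_AUTH = "1.3.6.1.5.5.7.3.2"; // id-kp-clientAuth

    // Describe which TLS roles a certificate's extendedKeyUsage permits.
    static String roles(X509Certificate cert) throws Exception {
        List<String> eku = cert.getExtendedKeyUsage();
        if (eku == null) return "no EKU extension (not restricted)";
        return (eku.contains(SERVER_AUTH) ? "serverAuth " : "")
             + (eku.contains(CLIENT_AUTH) ? "clientAuth " : "") + eku;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java KeystoreRoleCheck <test-keystore> <password>");
            System.exit(2);
        }
        char[] pw = args[1].toCharArray(); // assumption: key password == store password
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(args[0])) { ks.load(in, pw); }

        // 1. What each private-key entry's certificate says about its role.
        for (String alias : Collections.list(ks.aliases())) {
            Certificate c = ks.getCertificate(alias);
            if (ks.isKeyEntry(alias) && c instanceof X509Certificate)
                System.out.println(alias + ": " + roles((X509Certificate) c));
        }
        // 2. What each JSSE key manager selects when asked for a given role.
        for (String alg : new String[] {"SunX509", "PKIX"}) {
            KeyManagerFactory kmf = KeyManagerFactory.getInstance(alg);
            kmf.init(ks, pw);
            for (KeyManager km : kmf.getKeyManagers()) {
                if (!(km instanceof X509KeyManager)) continue;
                X509KeyManager x = (X509KeyManager) km;
                String[] types = {"RSA", "EC"};
                System.out.println(alg + " client -> " + x.chooseClientAlias(types, null, null));
                for (String t : types)
                    System.out.println(alg + " server(" + t + ") -> " + x.chooseServerAlias(t, null, null));
            }
        }
    }
}
```

Comparing the two halves of the output for a keystore holding one serverAuth-only and one clientAuth-only entry shows whether a given JDK and key manager algorithm takes extendedKeyUsage into account when selecting an alias.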


