[ https://issues.apache.org/jira/browse/SOLR-12953?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16859654#comment-16859654 ]
Lucene/Solr QA commented on SOLR-12953: --------------------------------------- | (x) *{color:red}-1 overall{color}* | \\ \\ || Vote || Subsystem || Runtime || Comment || | {color:red}-1{color} | {color:red} patch {color} | {color:red} 0m 6s{color} | {color:red} SOLR-12953 does not apply to master. Rebase required? Wrong Branch? See https://wiki.apache.org/solr/HowToContribute#Creating_the_patch_file for help. {color} | \\ \\ || Subsystem || Report/Notes || | JIRA Issue | SOLR-12953 | | JIRA Patch URL | https://issues.apache.org/jira/secure/attachment/12946651/SOLR-12953.patch | | Console output | https://builds.apache.org/job/PreCommit-SOLR-Build/425/console | | Powered by | Apache Yetus 0.7.0 http://yetus.apache.org | This message was automatically generated. > Support for TLS/SSL key alias configuration > ------------------------------------------- > > Key: SOLR-12953 > URL: https://issues.apache.org/jira/browse/SOLR-12953 > Project: Solr > Issue Type: Improvement > Affects Versions: 7.5 > Reporter: Bram Van Dam > Priority: Major > Labels: patch > Fix For: 7.5.1, 7.6 > > Attachments: SOLR-12953.patch, SOLR-12953.patch > > > As discussed on the mailing list: > *Context:* > There's a jetty-ssl.xml config file which configures Jetty's > SslContextFactory using properties set in solr.in.sh, but it's incomplete for > some purposes. > *Problem:* > I've noticed that no "certAlias" property is present. This means that when > Jetty starts, it will pick an arbitrary (based on some internal order, > apparently the newest?) key from the keystore to use. This is fine when > you're only using your keystore for Solr and it only contains one key, but it > makes life a lot more complicated in environments where keystores are managed > and distributed to servers automagically. > When you add a key to the keystore, you can assign an alias. Jetty can then > use the key with that alias by means of its certAlias config property. > The Solr documentation [1] confusingly assigns the alias "solr-ssl" to the > key, but as far as I can tell this alias isn't actually used or referenced > anywhere else. > *Solution:* > I'm currently dealing with a slightly more complicated TLS setup, so I'm > attaching a patch which adds an extra config property in order to > (optionally) specify the key alias. When the option is omitted, the old > behaviour remains unchanged. Patch modifies the configuration and includes > updates to the enabling-ssl documentation. -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@lucene.apache.org For additional commands, e-mail: dev-h...@lucene.apache.org