[ https://issues.apache.org/jira/browse/QPID-8016?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16266042#comment-16266042 ]
Rob Godfrey commented on QPID-8016: ----------------------------------- The update in QPID-7567 fixes this issue (while at the same time changing the default so that unless specifically disabled the keystore will first look for a cert which matches the SNI name. If no such cert is present, then it will return the cert associated with the alias. > [Broker-J] FileKeyStore alias does not select the correct certificate > --------------------------------------------------------------------- > > Key: QPID-8016 > URL: https://issues.apache.org/jira/browse/QPID-8016 > Project: Qpid > Issue Type: Bug > Components: Broker-J > Affects Versions: qpid-java-6.1, qpid-java-broker-7.0.0 > Reporter: Keith Wall > > Keystore provider implementation {{FileKeyStore}} has a {{#certificateAlias}} > attribute that is supposed to select a single certificate for use from a > store that has many. This feature does not currently work. It seems that > the last certificate is chosen regardless of the alias specified by the user. > I reproduced this problem with test resource at > {{test-profiles/test_resources/ssl/java_client_keystore.jks}}. It contains > two non-CA certs app1 and app2. app2 was always presented over the TLS > enabled socket, regardless of the setting of the {{certificateAlias}} -- This message was sent by Atlassian JIRA (v6.4.14#64029) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@qpid.apache.org For additional commands, e-mail: dev-h...@qpid.apache.org