[ https://issues.apache.org/jira/browse/SLIDER-580?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14188963#comment-14188963 ]
Jonathan Maron commented on SLIDER-580: --------------------------------------- currently the server and client certs will be localized, per container, if 2-way SSL is enabled for agent-AM communication. You therefore would have to enable "ssl.server.client.auth" (set it to true) which would then localize the certificates. However, to leverage them from another app would probably require some enhancements: 1) The agent python process doesn't actually use a truststore, but rather downloads a self signed cert from the AM. The generation of a truststore used by a java process would be required. 2) The server keytstore is generated for the AM and protected by a password, but that password is only available to the AM. We would have to consider leveraging a credential provider to allow access to the password if the server keystore access is required. Though SLIDER-263 was put in place to migrate to the credential provider, given the fact that password persistence wasn't actually required by the AM the decision was made to abandon that effort for now in favor of simply not persisting the password (as it currently is to an AM private directory). I think we'd have to consider exactly the use case for app certificate generation, walk through the likely deployment scenarios and app usages, and file a JIRA to track that enhancement for the next release. > Install SSL certs > ----------------- > > Key: SLIDER-580 > URL: https://issues.apache.org/jira/browse/SLIDER-580 > Project: Slider > Issue Type: Improvement > Reporter: Billie Rinaldi > Assignee: Jonathan Maron > > In addition to keytabs, it would be useful to be able to install SSL certs > for localization. We could simply add jks files as a type of file understood > by install-keytab. Although this does lead to the question of whether we'd > want to support installing arbitrary resources. -- This message was sent by Atlassian JIRA (v6.3.4#6332)