[
https://issues.apache.org/jira/browse/KAFKA-5519?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16488721#comment-16488721
]
sebastien diaz commented on KAFKA-5519:
---------------------------------------
I m working for a future production with a centralized monitoring tool.
Mixing different encryption technologes for JMX/RMI/... on a weblogic server.
the usage of a single keystore on the same server is not optionnal and by
server design.
Please add a config setCertAlias for clients/producer/consumer.
> Support for multiple certificates in a single keystore
> ------------------------------------------------------
>
> Key: KAFKA-5519
> URL: https://issues.apache.org/jira/browse/KAFKA-5519
> Project: Kafka
> Issue Type: New Feature
> Components: security
> Affects Versions: 0.10.2.1
> Reporter: Alla Tumarkin
> Priority: Major
> Labels: upstream-issue
>
> Background
> Currently, we need to have a keystore exclusive to the component with exactly
> one key in it. Looking at the JSSE Reference guide, it seems like we would
> need to introduce our own KeyManager into the SSLContext which selects a
> configurable key alias name.
> https://docs.oracle.com/javase/7/docs/api/javax/net/ssl/X509KeyManager.html
> has methods for dealing with aliases.
> The goal here to use a specific certificate (with proper ACLs set for this
> client), and not just the first one that matches.
> Looks like it requires a code change to the SSLChannelBuilder
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
