[ https://issues.apache.org/jira/browse/KAFKA-5519?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16488721#comment-16488721 ]
sebastien diaz commented on KAFKA-5519: --------------------------------------- I m working for a future production with a centralized monitoring tool. Mixing different encryption technologes for JMX/RMI/... on a weblogic server. the usage of a single keystore on the same server is not optionnal and by server design. Please add a config setCertAlias for clients/producer/consumer. > Support for multiple certificates in a single keystore > ------------------------------------------------------ > > Key: KAFKA-5519 > URL: https://issues.apache.org/jira/browse/KAFKA-5519 > Project: Kafka > Issue Type: New Feature > Components: security > Affects Versions: 0.10.2.1 > Reporter: Alla Tumarkin > Priority: Major > Labels: upstream-issue > > Background > Currently, we need to have a keystore exclusive to the component with exactly > one key in it. Looking at the JSSE Reference guide, it seems like we would > need to introduce our own KeyManager into the SSLContext which selects a > configurable key alias name. > https://docs.oracle.com/javase/7/docs/api/javax/net/ssl/X509KeyManager.html > has methods for dealing with aliases. > The goal here to use a specific certificate (with proper ACLs set for this > client), and not just the first one that matches. > Looks like it requires a code change to the SSLChannelBuilder -- This message was sent by Atlassian JIRA (v7.6.3#76005)