[
https://issues.apache.org/jira/browse/KAFKA-5519?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16724991#comment-16724991
]
Clement Pellerin commented on KAFKA-5519:
-----------------------------------------
KIP-383 proposes a solution for KAFKA-6654 which would be a work-around for
this Jira.
> Support for multiple certificates in a single keystore
> ------------------------------------------------------
>
> Key: KAFKA-5519
> URL: https://issues.apache.org/jira/browse/KAFKA-5519
> Project: Kafka
> Issue Type: New Feature
> Components: security
> Affects Versions: 0.10.2.1
> Reporter: Alla Tumarkin
> Priority: Major
> Labels: upstream-issue
>
> Background
> Currently, we need to have a keystore exclusive to the component with exactly
> one key in it. Looking at the JSSE Reference guide, it seems like we would
> need to introduce our own KeyManager into the SSLContext which selects a
> configurable key alias name.
> https://docs.oracle.com/javase/7/docs/api/javax/net/ssl/X509KeyManager.html
> has methods for dealing with aliases.
> The goal here to use a specific certificate (with proper ACLs set for this
> client), and not just the first one that matches.
> Looks like it requires a code change to the SSLChannelBuilder
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
