I've set up multiple brokers that authenticate to each other via TLS authentication. So far the identity has been the same key because the usage is any. I need to use an internal CA to sign the certificate, and the certificate will be marked as server auth only. I haven't tested out using a server auth cert for client auth with AMQ to see if it works, but in theory it shouldn't because of the usage type.
To get around this issue, I imported both a client auth and a server auth key with corresponding usage types. Unfortunately, this doesn't work because I can't tell AMQ which alias to use, so it keeps picking the client certificate, which isn't set up with subject alternative names and isn't signed by our CA. Is there a way to specify the alias for TLS or get AMQ to pick the key I want? I found https://issues.apache.org/jira/browse/AMQ-9294 but there haven't been any comments or responses. Is there a way to solve this issue without just hoping Java ignores key usage for authentication?

Thanks,
Marc