[
https://issues.apache.org/jira/browse/KAFKA-5519?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16075164#comment-16075164
]
Alla Tumarkin commented on KAFKA-5519:
--------------------------------------
I wouldn't call it problematic: I just imagine there are situations where
multiple J2EE applications may want to use a single keystore and import their
client certificates into a single keystore - in order to decrease management
overhead by not having to maintain multiple keystores (like managing keystore
passwords, for example).
> Support for multiple certificates in a single keystore
> ------------------------------------------------------
>
> Key: KAFKA-5519
> URL: https://issues.apache.org/jira/browse/KAFKA-5519
> Project: Kafka
> Issue Type: New Feature
> Components: security
> Affects Versions: 0.10.2.1
> Reporter: Alla Tumarkin
> Labels: upstream-issue
>
> Background
> Currently, we need to have a keystore exclusive to the component with exactly
> one key in it. Looking at the JSSE Reference guide, it seems like we would
> need to introduce our own KeyManager into the SSLContext which selects a
> configurable key alias name.
> https://docs.oracle.com/javase/7/docs/api/javax/net/ssl/X509KeyManager.html
> has methods for dealing with aliases.
> The goal here to use a specific certificate (with proper ACLs set for this
> client), and not just the first one that matches.
> Looks like it requires a code change to the SSLChannelBuilder
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
