I agree with Sönke that kerberos is a better choice here. SSL and JKS is
probably NOT the right choice of this short lived (48 hours) scenario.
Typically certs are valid in order of years.
On Tue, Mar 13, 2018 at 7:21 PM, Sönke Liebau <
soenke.lie...@opencore.com.invalid> wrote:
> Hi Alexander,
>
Hi Alexander,
I don't (yet) have any real suggestions for what you are trying to
achieve, but I'd be interested to understand if you looked at the
alternative forms of authentication instead of SSL. Namely Kerberos
which is already available and delegation tokens which will be
available in 1.1
>Fr
Our set up:
Brokers on 0.10.1
Clients on 0.9
-On startup, clients are dynamically issued a signed certificate that is
vaild for 48 hours. A JKS is created using this certificate.
-All brokers have a signed certificate in their JKS that is valid for some
years.
The issue:
Clients only load their
