+1 to introduce "ssl-default-alias" and fail if it's not set for multi-key keystore
On Wed, Aug 10, 2016 at 4:34 PM, Bruce Schuchardt <bschucha...@pivotal.io> wrote: > +1 for ssl-default-alias and failing > > > Le 8/10/2016 à 3:36 PM, Udo Kohlmeyer a écrit : > >> Hi there guys, >> >> As per the proposal for the revision of the SSL configuration < >> https://cwiki.apache.org/confluence/display/GEODE/Revised+SSL+properties>, >> I'm nearing the completion of this feature. >> >> What I have come across is some scenarios where a system is configured >> with a multi-key keystore and all Geode components are marked to use SSL. >> As the ssl configuration factory would not know what key to use, it might >> fail to correctly configure SSL comms. >> >> In this scenario, would it make sense to introduce another property >> "ssl-default-alias" which specifies the default certificate alias to be >> used in a multi-key keystore? >> >> Also, in the scenario where a single component specifies a different >> alias to be used, should we fail if the "ssl-default-alias" has not been >> set for a multi-key keystore? >> >> Any advice or opinions would be appreciated. >> >> --Udo >> >> >> >
