[ https://issues.apache.org/jira/browse/KNOX-1111?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16712004#comment-16712004 ]

Kevin Risden commented on KNOX-1111:
------------------------------------

This is directly related to KNOX-1643 - I'm curious if we will break existing 
users by moving this from twowayssl out to the default if this description is 
correct. This means that if twowayssl is true, we don't trust anything but the 
gateway.jks certs? Not even the ones from the default cacerts?

> 2-way SSL Truststore and Keystore Improvements
> ----------------------------------------------
>
>                 Key: KNOX-1111
>                 URL: https://issues.apache.org/jira/browse/KNOX-1111
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: Server
>            Reporter: Larry McCay
>            Assignee: Jeff Storck
>            Priority: Major
>             Fix For: 1.3.0
>
>
> Currently, the DefaultHttpClientFactory is setting the 2-way SSL for 
> dispatches truststore as gateway.jks. This should be driven by configuration 
> and probably default to cacerts rather than gateway.jks.
> The client cert alias inside the keystore should be configurable as well so 
> that we can possibly have different certs representing different topologies.
> In addition, the keystore to host the client certs should be configurable.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
