[
https://issues.apache.org/jira/browse/KNOX-1111?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16712847#comment-16712847
]
Kevin Risden commented on KNOX-1111:
------------------------------------
I closed KNOX-1643 as a duplicate since this solves the problem in a more
generic way. I confirm that today with twowayssl, the HTTPClient won't trust
anything but gateway.jks. This means that you need to put the certificate for
the remote host in gateway.jks otherwise won't be able to trust it with
twowayssl.
> 2-way SSL Truststore and Keystore Improvements
> ----------------------------------------------
>
> Key: KNOX-1111
> URL: https://issues.apache.org/jira/browse/KNOX-1111
> Project: Apache Knox
> Issue Type: Improvement
> Components: Server
> Reporter: Larry McCay
> Assignee: Jeff Storck
> Priority: Major
> Fix For: 1.3.0
>
>
> Currently, the DefaultHttpClientFactory is setting the 2-way SSL for
> dispatches truststore as gateway.jks. This should be driven by configuration
> and probably default to cacerts rather than gateway.jks.
> The client cert alias inside the keystore should be configurable as well so
> that we can possibly have different certs representing different topologies.
> In addition, the keystore to host the client certs should be configurable.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
