[ https://issues.apache.org/jira/browse/KNOX-1111?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16712849#comment-16712849 ]
Kevin Risden commented on KNOX-1111:
------------------------------------
From the following:
https://risdenk.github.io/2018/03/18/apache-knox-proxying-apache-nifi.html
We shouldn't have to do the two steps here:
{code:java}
# Import the Knox keystore into gateway.jks
keytool -importkeystore -destkeypass "$KNOX_MASTER_SECRET" \
  -srckeystore /opt/certs/knox/keystore.jks \
  -destkeystore data/security/keystores/gateway.jks -deststoretype JKS \
  -srcstorepass keystore -deststorepass "$KNOX_MASTER_SECRET" -noprompt
# Import the truststore into the same gateway.jks
keytool -importkeystore -srckeystore /opt/certs/knox/truststore.jks \
  -destkeystore data/security/keystores/gateway.jks -deststoretype JKS \
  -srcstorepass truststore -deststorepass "$KNOX_MASTER_SECRET" -noprompt
{code}
We should instead be able to configure where we pull the keystore and
truststore from.
> 2-way SSL Truststore and Keystore Improvements
> ----------------------------------------------
>
> Key: KNOX-1111
> URL: https://issues.apache.org/jira/browse/KNOX-1111
> Project: Apache Knox
> Issue Type: Improvement
> Components: Server
> Reporter: Larry McCay
> Assignee: Jeff Storck
> Priority: Major
> Fix For: 1.3.0
>
>
> Currently, the DefaultHttpClientFactory is setting the 2-way SSL for
> dispatches truststore as gateway.jks. This should be driven by configuration
> and probably default to cacerts rather than gateway.jks.
> The client cert alias inside the keystore should be configurable as well so
> that we can possibly have different certs representing different topologies.
> In addition, the keystore to host the client certs should be configurable.