HARIKRISHNAN Ck created OOZIE-3049:
--------------------------------------
Summary: Provision to pass Key alias with Oozie SSL
Key: OOZIE-3049
URL: https://issues.apache.org/jira/browse/OOZIE-3049
Project: Oozie
Issue Type: Improvement
Reporter: HARIKRISHNAN Ck
Priority: Minor
Currently, there are provisions to set the keyStore and keyPassword. Per Oozie
documentation:
OOZIE_HTTPS_KEYSTORE_FILE : The location of the keystore file containing the
certificate information. Default value ${HOME}/.keystore (i.e. the home dir of
the Oozie user).
OOZIE_HTTPS_KEYSTORE_PASS : The password of the keystore file. Default value
password
However, there is no provision to set the keyStoreAlias. In a Production
Cluster there are good chances of having multiple keys in a keystore and it's
likely possible that multiple keys are present.
Per Tomcat documentation:
keyAlias: The alias used for the server key and certificate in the keystore. If
not specified, the first key read from the keystore will be used. The order in
which keys are read from the keystore is implementation dependent. It may not
be the case that keys are read from the keystore in the same order as they were
added. If more than one key is present in the keystore it is strongly
recommended that a keyAlias is configured to ensure that the correct key is
used.
The workaround would be to edit the server.xml and add the keyAlias field.
Editing "server.xml" is not a recommended solution as this has to be done every
time the oozie-setup.sh script is executed; also, these steps are not documented
anywhere. We should have a variable which can be set in the oozie-env.sh.
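Added example, not part of the original issue and not Oozie or Tomcat code: a small audit that parses a Tomcat server.xml and reports which TLS connectors have no keyAlias, so the served key depends on keystore read order as the quoted Tomcat documentation describes. The sample XML, ports, keystore path and alias name are constructed for illustration; the Tomcat 8.5+ Certificate form is covered as a generalization beyond the issue text.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the Tomcat Connector style; not Oozie's shipped server.xml.
SAMPLE_SERVER_XML = """
<Server port="11005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="11000" protocol="HTTP/1.1"/>
    <Connector port="11443" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true"
               keystoreFile="/home/oozie/.keystore" keystorePass="password"/>
    <Connector port="11444" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true"
               keystoreFile="/home/oozie/.keystore" keystorePass="password"
               keyAlias="oozie-server"/>
  </Service>
</Server>
"""

def is_tls(connector):
    """A connector counts as TLS if SSLEnabled is true or its scheme is https."""
    return (connector.get("SSLEnabled", "").lower() == "true"
            or connector.get("scheme", "").lower() == "https")

def audit_key_alias(server_xml):
    """Return one finding per TLS connector: (port, keystore, alias or None)."""
    root = ET.fromstring(server_xml)
    findings = []
    for conn in root.iter("Connector"):
        if not is_tls(conn):
            continue
        # Tomcat 8.5+ moves the setting to <Certificate certificateKeyAlias=...>.
        certs = list(conn.iter("Certificate"))
        if certs:
            for cert in certs:
                findings.append((conn.get("port"),
                                 cert.get("certificateKeystoreFile"),
                                 cert.get("certificateKeyAlias")))
        else:
            findings.append((conn.get("port"), conn.get("keystoreFile"),
                             conn.get("keyAlias")))
    return findings

def unpinned(findings):
    """Ports whose TLS connector leaves key selection to keystore read order."""
    return [port for port, _store, alias in findings if not alias]

if __name__ == "__main__":
    for port, store, alias in audit_key_alias(SAMPLE_SERVER_XML):
        print(f"port {port}: keystore={store} keyAlias={alias or 'NOT SET'}")
```

Run it against the server.xml that oozie-setup.sh generates to confirm whether a hand-added keyAlias survived the last regeneration.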