[
https://issues.apache.org/jira/browse/ARTEMIS-1157?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16563642#comment-16563642
]
Justin Bertram commented on ARTEMIS-1157:
-----------------------------------------
[~Sinaver], this JIRA is not a forum for questions about security. Please use
the proper [mailing list|http://activemq.apache.org/mailing-lists.html] for
your question. Thanks!
> Do not update ssl client keystore/truststore path on topology update
> --------------------------------------------------------------------
>
> Key: ARTEMIS-1157
> URL: https://issues.apache.org/jira/browse/ARTEMIS-1157
> Project: ActiveMQ Artemis
> Issue Type: Improvement
> Affects Versions: 2.0.0
> Reporter: Philipp Aeschlimann
> Priority: Major
> Attachments: ArtemisMqCrashDemoClient.java, broker.xml
>
>
> We have a 2 node cluster where clients and the refrenced connectors in the
> cluster-connection do use ssl client auth (all working so far). Now if a
> failover ocures - live server goes down - the clients try to re-connect with
> the client keystore path that is defined on the connector in the server.
> We know that it is possible to overwrite this behavoir by using
> org.apache.activemq.ssl.keyStore system property. But we have multiple
> keystores and want to use them. Would it be possible, that this settings:
> org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants.KEYSTORE_*
> org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants.TRUSTSTORE_*
> will not be updated from the server? I can not think of a scenario, where it
> would make sense that the server tells the client where the client has to
> look for his keystore and truststore settings.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
