Uploaded image for project: 'AMQ Streams'
  1. AMQ Streams
  2. ENTMQST-3297

Use all public keys from Cluster CA in ZookeeperScaler and in DefaultAdminClientProvider

    XMLWordPrintable

Details

    • Bug
    • Resolution: Done
    • Major
    • 2.0.0.GA
    • None
    • None
    • None
    • False
    • False

    Description

      During Cluster CA renewal, the Cluster CA secret might contain multiple public keys belonging to different generation of the CA. It is important for all components to load all of them to allow smooth rollout of CA changes, when the components might need to trust both the old and new CA. This applies also to the ZookeeperScaler as well as to the DefaultAdminClientProvider. They should not use only the ca.crt but all *.crt files. Without that, they will be unable to connect for example during renewals of own Cluster CAs.

      Attachments

        Activity

          People

            Unassigned Unassigned
            scholzj JAkub Scholz
            Lukas Kral Lukas Kral
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: