EugeneR7 Member since 2013 30 posts
Deutsche Bank
Posted: 2 years ago
Last activity: 2 years 6 months ago
Closed

Specifying multiple certificates / keys in a keystore via alias - is this supported?

When building secure REST services, we are required to specify a keystore instance which has the certificate / key for the secured connection. This is generally fine, however when there are multiple services which have their own security constraints, we have to maintain multiple keystores within Pega.

Additionally, at the JVM level, we can specify only 1 keystore using something like -Djavax.net.ssl.keyStore = ./mykeystore.jks

My understanding is that a keystore is just a container for certs / keys, where each pair can be identified by an alias. So if this was built in direct code, a client can specify "for my HTTPS connection, use SSL cert/key where alias = 'mycertalias'"

Is this something which is currently supported in Pega (7.3.1) or planned to be supported? It would be a bit of management overhead if multiple keystores have to be managed, and none of them can be used in the javax.net.ssl.keyStore JVM parameter.

Data Integration Security
Moderation Team has archived post