KAFKA: Schema Registry TLS uses the keystore password as private key password

Observation

Schema Registry does not work when the keystore-password and the private-key-password are different.

    <confluent-schema-registry>
        <name></name>
        <url></url>
        <kafka-topics></kafka-topics>
        <tls>
            <keystore>
                <path>my/path/</path>
                <password>password1</password>
                <private-key-password>password2</private-key-password>
            </keystore>
        </tls>
    </confluent-schema-registry>

Impact

High

Cause

The keystore-password is used as the private-key-password. Hence, when <private-key-password> is set to a different value than the keystore <password>, Schema Registry does not work.

Solution

The issue is fixed in the HiveMQ 4.12 release as well as the 4.8.9 and 4.9.4 maintenance releases. Please upgrade to resolve this issue.
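
To find the entries that trigger this issue, the following check (an added example, not HiveMQ's own code) flags every <confluent-schema-registry> element whose keystore <password> and <private-key-password> differ. The function name, the <sample> wrapper element and the registry names are assumptions made for the example; the passwords themselves are never included in the result.

```python
import xml.etree.ElementTree as ET

# Constructed sample input: the snippet from this page plus one entry with
# matching passwords, wrapped in a hypothetical <sample> root element.
SAMPLE = """
<sample>
  <confluent-schema-registry>
    <name>registry-a</name>
    <tls><keystore>
      <path>my/path/</path>
      <password>password1</password>
      <private-key-password>password2</private-key-password>
    </keystore></tls>
  </confluent-schema-registry>
  <confluent-schema-registry>
    <name>registry-b</name>
    <tls><keystore>
      <path>other/path/</path>
      <password>same</password>
      <private-key-password>same</private-key-password>
    </keystore></tls>
  </confluent-schema-registry>
</sample>
"""

def find_mismatched_registries(xml_text):
    """Return one finding per registry whose keystore and key passwords differ."""
    root = ET.fromstring(xml_text)
    findings = []
    # iter() also matches the root, so a bare <confluent-schema-registry> works.
    for index, registry in enumerate(root.iter("confluent-schema-registry")):
        keystore = registry.find("tls/keystore")
        if keystore is None:
            continue  # no TLS keystore configured for this entry
        store_pw = keystore.findtext("password")
        key_pw = keystore.findtext("private-key-password")
        if store_pw is None or key_pw is None:
            continue  # only compare when both values are explicitly set
        if store_pw != key_pw:
            # Fall back to the entry's position when <name> is empty.
            name = (registry.findtext("name") or "").strip() or f"#{index}"
            findings.append({"registry": name, "keystore": keystore.findtext("path")})
    return findings

if __name__ == "__main__":
    for finding in find_mismatched_registries(SAMPLE):
        print("password mismatch:", finding["registry"], finding["keystore"])
```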