David Scrève created KAFKA-20784:
------------------------------------

             Summary: Change certificate management
                 Key: KAFKA-20784
                 URL: https://issues.apache.org/jira/browse/KAFKA-20784
             Project: Kafka
          Issue Type: Wish
          Components: controller
    Affects Versions: 4.3.1
            Reporter: David Scrève


When using custom SSL certificate, we need to provide a Client AND Server 
certificate because Kafka use it internally for communication between 
Controller.

This kind of certificate is strongly discouraged and will be soon rejected by 
Google and others...

Like K8S, you should use your own CA and generate your own certificates for 
internal communication and use the SSL certificate only for external 
communication with clients.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to