[
https://issues.apache.org/jira/browse/KAFKA-10338?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17413395#comment-17413395
]
Rajini Sivaram edited comment on KAFKA-10338 at 9/10/21, 9:27 PM:
------------------------------------------------------------------
[~teabot] We currently don't have a way of reconfiguring PEM configs for
clients unless they are stored externally in a file and the file is reloaded.
It may be possible to add a custom `ssl.engine.factory.class` that does
reconfiguration for clients. For brokers, we can use standard dynamic broker
configs for PEM.
was (Author: rsivaram):
[~teabot] We currently don't have a way of updating PEM configs for clients
unless they are stored externally in a file and the file is reloaded. It may be
possible to add a custom `ssl.engine.factory.class` that does reconfiguration
for clients. For brokers, we can use standard dynamic broker configs for PEM.
> Support PEM format for SSL certificates and private key
> -------------------------------------------------------
>
> Key: KAFKA-10338
> URL: https://issues.apache.org/jira/browse/KAFKA-10338
> Project: Kafka
> Issue Type: New Feature
> Components: security
> Reporter: Rajini Sivaram
> Assignee: Rajini Sivaram
> Priority: Major
> Fix For: 2.7.0
>
>
> We currently support only file-based JKS/PKCS12 format for SSL key stores and
> trust stores. It will be good to add support for PEM as configuration values
> that fits better with config externalization.
> KIP:
> https://cwiki.apache.org/confluence/display/KAFKA/KIP-651+-+Support+PEM+format+for+SSL+certificates+and+private+key
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
