> Regarding host name validation, does FQDN with hostname always present in
CN (common name) of the certificate? What if I want to use some free form
text in CSR for CN field to make it for multiple host?
You have two options. Either you can use wildcard certificates as suggested
by Martin. Or you
From: Awadhesh Gupta
Sent: Tuesday, October 3, 2017 1:44 PM
To: users@kafka.apache.org; ja...@scholz.cz
Subject: Re: SSL setup in Kafka 2.10.0.10.2.1 for keystore and truststore files
Hi,
I validated the client chain in server log after enabling the SSL log
Hi,
I validated the client chain in server log after enabling the SSL log and
it was showing entries of both the certificate in chain.
I imported server csr (ca-cert file generated from command penssl req -new
-x509 -keyout ca-key -out ca-cert -days $VALIDITY) to Client trust store
and client csr
From: Awadhesh Gupta
Sent: Friday, September 29, 2017 7:05 AM
To: users@kafka.apache.org; manme...@gmail.com
Subject: Re: SSL setup in Kafka 2.10.0.10.2.1 for keystore and truststore files
Thanks M Manna.
I followed the steps to recreate the keystore
This normally means that the truststore in your producer doesn't contain a)
the public key of your broker or b) the public keys of the CA which signed
the broker key. With this error it didn't even get to the verification of
the client certificate yet. Looking at the blog post it looks like there i
Thanks M Manna.
I followed the steps to recreate the keystore & truststore for SSL setup on
both Client&Server machine and it is working fine if I run the client and
broker on same Linux host.
Problem starts when I publish the messages from Kafka Client deployed on
different Linux machine.
I en
Hi Awadhesh,
This seems like your certificate import order (intermediate - root) is
jumbled up. Could you kindly follow the instructions on confluent.io where
Ismael Juma has provided a nice set of steps to follow for SSL setup.
https://www.confluent.io/blog/apache-kafka-security-authorization-au
Hello,
I am trying to setup Kafka SSL using certificates on my windows machine
using reference of security_overview section of Kafka documents. I have
created server.keystore.jks, client.keystore.jks and respective trust store
file and signed it using keytool command. I followed complete steps as