Can Apache Kafka handle two certificates in its keystore?

Use case:

We have mTLS enabled on Kafka and have 2 different Certificate Authorities (CA): One for issuing Server Certificates (extendedKeyUsage=serverAuth) and one for issuing Client Certificates (extendedKeyUsage=clientAuth).

Since brokers act as both client and server, we add both CA certificates to the truststore but also need the option to add 2 certificates to the keystore of the inter-broker listener. Does Apache Kafka support this? I miss an option to specify a key alias for server and client authentication, like in JBOSS Wildfly.

Hint: Of course Kafka can handle multiple CA certificates inside its truststore. But that is not the question here.

  • Side note: for different listeners you can specify different keystores. Use listener.name.internal.ssl.keystore.location=/keystore.jks. This is valid for all ssl config options. It will overwrite the global options (like ssl.keystore.location). Commented Aug 7 at 8:04
