kafka-users mailing list archives

From Manikumar <manikumar.re...@gmail.com>
Subject Re: Using different SSL keystore and truststore for different listeners
Date Sat, 23 Sep 2017 09:05:18 GMT
Hi,

We can override per-listener security settings. This way we can configure
each listener with different configs.

https://issues.apache.org/jira/browse/KAFKA-4636

On Fri, Sep 22, 2017 at 2:00 PM, Jakub Scholz <jakub@scholz.cz> wrote:

> Hi,
>
> I would like to set up my Kafka cluster so that it has several SSL listeners
> (for replication, for clients in internal network, for clients in external
> network etc.). But I need to use different certificates for each listener.
> In particular I need:
> * different server keys (keystore) because the clients connecting from
> within internal network use different hostnames to connect than the clients
> connecting from external network and I want hostname verification to work.
> (With some private CA the different hostnames can be in the same
> certificate as alternate subjects. But I would like to have private CA key
> for the internal interface with internal addresses and key from a public CA
> for the external address. So I need two keys.)
> * different truststore because two separate groups of users are
> authenticating over the different interfaces.
>
> Kafka allows creating several different listeners with different
> configurations. That is great. But it seems that when I create several SSL
> interfaces they all share the same keystore and truststore file. Is my
> understanding correct? Or is there some way to configure each listener
> to use different keystore / truststore?
>
> Thanks & Regards
> Jakub
>
