kafka-users mailing list archives

From Jakub Scholz <ja...@scholz.cz>
Subject Using different SSL keystore and truststore for different listeners
Date Fri, 22 Sep 2017 08:30:50 GMT

I would like to set up my Kafka cluster so that it has several SSL listeners
(for replication, for clients in the internal network, for clients in the
external network, etc.). But I need to use different certificates for each
listener. In particular I need:
* different server keys (keystore) because the clients connecting from
within the internal network use different hostnames to connect than the
clients connecting from the external network and I want hostname verification
to work. (With some private CA the different hostnames can be in the same
certificate as alternate subjects. But I would like to have a private CA key
for the internal interface with internal addresses and a key from a public CA
for the external address. So I need two keys.)
* different truststores because two separate groups of users are
authenticating over the different interfaces.

Kafka allows creating several different listeners with different
configurations. That is great. But it seems that when I create several SSL
interfaces they all share the same keystore and truststore file. Is my
understanding correct? Or is there some way to configure each listener
to use a different keystore / truststore?

Thanks & Regards
