kafka-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Martin Gainty <mgai...@hotmail.com>
Subject Re: Kafka SSL and multiple domain names
Date Thu, 14 Feb 2019 11:36:14 GMT
if you require security over multiple subject alt names then you will need a UCC certificate
from cert-provider
(godaddy/thawte/verisign are some of the providers)

https://www.techopedia.com/definition/29764/unified-communications-certificate-ucc
[https://cdn.techopedia.com/resource/images/favicon/favicon-200x200.png]<https://www.techopedia.com/definition/29764/unified-communications-certificate-ucc>

Unified Communications Certificate (UCC) - Techopedia.com<https://www.techopedia.com/definition/29764/unified-communications-certificate-ucc>
A Unified Communications Certificate (UCC) is a type of multi-domain certificate used in SSL
authentication. It allows for the inclusion of multiple domain names and host names within
a domain in one certificate.
www.techopedia.com


most of the cert-providers do not support changing/adding of  more hostnames to previously
issued UCC certs
most of the cert-providers only support their own CA (certificate authority) to authenticate
their issued certificates

https://www.pluralsight.com/blog/software-development/top-reliable-ssl-certificates
[https://www.pluralsight.com/content/dam/pluralsight/blog/thumbnails/default/blog-thumb-dev-default@2x.png]<https://www.pluralsight.com/blog/software-development/top-reliable-ssl-certificates>

The Top 7 Most Reliable SSL Certificate Providers | Pluralsight<https://www.pluralsight.com/blog/software-development/top-reliable-ssl-certificates>
Contributor Michael Gabriel Sumastre. Michael Gabriel Sumastre is a skilled technical blogger
and writer with more than seven years of professional experience in Web content creation,
SEO and research paper writing.
www.pluralsight.com


(caveat emptor)

un saludo

________________________________
From: GĂ©rald Quintana <gerald.quintana@gmail.com>
Sent: Thursday, February 14, 2019 5:41 AM
To: users@kafka.apache.org
Subject: Kafka SSL and multiple domain names

Hello,

We need to have the same Kafka cluster bound to multiple DNS aliases/domain
names.
However, for some poor reason, we can't have a single SSL certificate with
subject alt names matching all DNS aliases.

Is it possible to use different SSL certs depending on the hostname used by
the client?
Is it possible to use SNI (Server Name Indication) for TLS connections?

Thanks,

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message