[ https://issues.apache.org/jira/browse/KAFKA-9308?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17025096#comment-17025096 ]
ASF GitHub Bot commented on KAFKA-9308:
---------------------------------------

soenkeliebau commented on pull request #8009: KAFKA-9308: Reworded the ssl part of the security documentation
URL: https://github.com/apache/kafka/pull/8009

This is to fix various issues (mainly, as noted by this jira, the problem that SAN extension values are not copied to certificates) and add some recommendations.

Built the page and reviewed it, used Intellij HTML syntax checker to ensure valid HTML syntax.

### Committer Checklist (excluded from commit message)
- [ ] Verify design and implementation
- [ ] Verify test coverage and CI build status
- [ ] Verify documentation (including upgrade notes)

----------------------------------------------------------------

> Misses SAN after certificate creation
> -------------------------------------
>
>                 Key: KAFKA-9308
>                 URL: https://issues.apache.org/jira/browse/KAFKA-9308
>             Project: Kafka
>          Issue Type: Bug
>          Components: documentation
>    Affects Versions: 2.3.1
>            Reporter: Agostino Sarubbo
>            Priority: Minor
>
> Hello,
> I followed the documentation to use kafka with ssl, however the entire 'procedure' loses at the end the specified SAN.
> To test, run (after the first keytool command and after the latest):
>
> {code:java}
> keytool -list -v -keystore server.keystore.jks
> {code}
> Reference:
> [http://kafka.apache.org/documentation.html#security_ssl]
>
> {code:java}
> #!/bin/bash
> #Step 1
> keytool -keystore server.keystore.jks -alias localhost -validity 365 -keyalg RSA -genkey -ext SAN=DNS:test.test.com
> #Step 2
> openssl req -new -x509 -keyout ca-key -out ca-cert -days 365
> keytool -keystore server.truststore.jks -alias CARoot -import -file ca-cert
> keytool -keystore client.truststore.jks -alias CARoot -import -file ca-cert
> #Step 3
> keytool -keystore server.keystore.jks -alias localhost -certreq -file cert-file
> openssl x509 -req -CA ca-cert -CAkey ca-key -in cert-file -out cert-signed -days 365 -CAcreateserial -passin pass:test1234
> keytool -keystore server.keystore.jks -alias CARoot -import -file ca-cert
> keytool -keystore server.keystore.jks -alias localhost -import -file cert-signed
> {code}
>
> In detail, the SAN is lost after:
> {code:java}
> keytool -keystore server.keystore.jks -alias localhost -import -file cert-signed
> {code}

--
This message was sent by Atlassian Jira (v8.3.4#803005)
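
The behaviour reported above can be checked without a JDK. The following is an added example, not part of the original message or of the Kafka documentation: it signs one CSR twice with `openssl x509 -req`, once as in the reported step 3 and once with an `-extfile` that restates the SAN, then inspects both certificates. The CSR is created with openssl instead of keytool; the function names, the CA subject and the extra file names are constructed, and `req -addext` assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: `openssl x509 -req` does not carry over the SAN requested in
# a CSR unless the extension is supplied again at signing time.
# Function names, subjects and most file names are constructed for this demo.
SAN="DNS:test.test.com"   # SAN value used in the report

# has_san CERT -> exit 0 if the certificate text contains $SAN
has_san() {
    openssl x509 -in "$1" -noout -text | grep -qF "$SAN"
}

# make_fixture DIR -> throwaway CA plus a server key and a CSR requesting $SAN
make_fixture() {
    openssl req -new -x509 -nodes -newkey rsa:2048 -days 1 \
        -subj "/CN=Example Test CA" \
        -keyout "$1/ca-key" -out "$1/ca-cert" 2>/dev/null &&
    openssl req -new -nodes -newkey rsa:2048 \
        -subj "/CN=test.test.com" -addext "subjectAltName=$SAN" \
        -keyout "$1/server-key" -out "$1/cert-file" 2>/dev/null
}

# sign_plain DIR -> signs the CSR as in the reported step 3
sign_plain() {
    openssl x509 -req -CA "$1/ca-cert" -CAkey "$1/ca-key" -CAcreateserial \
        -in "$1/cert-file" -out "$1/cert-plain" -days 1 2>/dev/null
}

# sign_with_san DIR -> same command, but restates the SAN through -extfile
sign_with_san() {
    printf 'subjectAltName=%s\n' "$SAN" > "$1/san.ext"
    openssl x509 -req -CA "$1/ca-cert" -CAkey "$1/ca-key" -CAcreateserial \
        -in "$1/cert-file" -out "$1/cert-san" -days 1 \
        -extfile "$1/san.ext" 2>/dev/null
}

# demo -> prints whether each signed certificate kept the SAN
demo() {
    dir=$(mktemp -d) || return 1
    make_fixture "$dir" && sign_plain "$dir" && sign_with_san "$dir" \
        || { rm -rf "$dir"; return 1; }
    for c in cert-plain cert-san; do
        has_san "$dir/$c" && echo "$c: SAN present" || echo "$c: SAN missing"
    done
    rm -rf "$dir"
}

demo
```

The same `has_san` check can be run against `cert-signed` before the final `keytool -import` step, so a certificate without the expected SAN never reaches the keystore.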