Re: kafka security using ssl

2019-08-25 Thread Antony A
Thank you. Using a cert with both server and client auth extensions worked.

Sent from my iPhone

> On Aug 22, 2019, at 8:59 AM, Pere Urbón Bayes wrote:
>
> HI,
> I would add both, end of the day they do the two jobs see for more details,
> https://github.com/purbon/kafka-security-playbook/blo

Re: kafka security using ssl

2019-08-22 Thread Pere Urbón Bayes
Hi, I would add both, at the end of the day they do the two jobs. For more details, see https://github.com/purbon/kafka-security-playbook/blob/master/tls/server.cnf#L25

Message from Antony A on Thu, 22 Aug 2019 at 16:50:
> Is ExtendedKeyUsages an issue for Kafka?
>
> #7: ObjectId: 2.5.29.37 C

Re: kafka security using ssl

2019-08-22 Thread Antony A
Is ExtendedKeyUsages an issue for Kafka?

#7: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
]

The certificate itself has the CA in the chain.

On Thu, Aug 22, 2019 at 6:51 AM Pere Urbón Bayes wrote:
> can you share your certificate content somehow? i should ask, is it
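Added example, not part of the thread or of Kafka: the extension dump in the message above is in the layout Java's `keytool -list -v` prints, so a keystore listing can be scanned for leaf certificates whose ExtendedKeyUsages omit one of the two purposes the thread ended up needing. The function name, the sample listing and the required set are assumptions made for this sketch.

```python
import re

# Constructed sample in the layout `keytool -list -v` prints; all names are made up.
SAMPLE = """\
Alias name: broker1
Entry type: PrivateKeyEntry
Certificate[1]:
Owner: CN=broker1.example.internal
#7: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
]
Certificate[2]:
Owner: CN=Example Internal CA
Alias name: broker2
Entry type: PrivateKeyEntry
Certificate[1]:
Owner: CN=broker2.example.internal
#7: ObjectId: 2.5.29.37 Criticality=false
ExtendedKeyUsages [
  serverAuth
  clientAuth
]
Alias name: legacy
Entry type: PrivateKeyEntry
Certificate[1]:
Owner: CN=legacy.example.internal
"""

# Assumption taken from the thread's outcome: the broker cert carries both purposes.
REQUIRED = {"serverAuth", "clientAuth"}
EKU_RE = re.compile(r"ExtendedKeyUsages\s*\[(.*?)\]", re.S)

def missing_eku(keytool_output):
    """Return {alias: required purposes missing from that entry's leaf certificate}."""
    report = {}
    for entry in re.split(r"(?m)^Alias name:\s*", keytool_output)[1:]:
        alias = entry.splitlines()[0].strip()
        # Certificate[1] is the leaf the broker presents; CA certs follow it.
        leaf = re.split(r"(?m)^Certificate\[2\]:", entry)[0]
        match = EKU_RE.search(leaf)
        # No EKU extension at all means the certificate's usage is unrestricted.
        present = set(match.group(1).split()) if match else REQUIRED
        report[alias] = REQUIRED - present
    return report

if __name__ == "__main__":
    for alias, missing in missing_eku(SAMPLE).items():
        print(alias, "OK" if not missing else "missing " + ", ".join(sorted(missing)))
```

Here `broker1` is reported as missing `clientAuth`, while `legacy`, which has no EKU extension at all, passes because an absent extension places no restriction on usage.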

Re: kafka security using ssl

2019-08-22 Thread Pere Urbón Bayes
Can you share your certificate content somehow? I should ask, is it properly signed with the CA? Can you share the current error as well?

-- Pere

On Thu, 22 Aug 2019, 14:47 Antony A wrote:
> Yes. The truststore has the CA. The keystore has the CA, PRIVATE KEY used
> to create the CSR and the SE

Re: kafka security using ssl

2019-08-22 Thread Antony A
Yes. The truststore has the CA. The keystore has the CA, PRIVATE KEY used to create the CSR and the SERVER CERT.

Sent from my iPhone

> On Aug 22, 2019, at 6:44 AM, Pere Urbón Bayes wrote:
>
> you should verify a proper chain of validation. is your private ca cert in
> your trust store?
>
>> O

Re: kafka security using ssl

2019-08-22 Thread Pere Urbón Bayes
You should verify a proper chain of validation. Is your private CA cert in your trust store?

On Thu, 22 Aug 2019, 14:40 Antony A wrote:
> Hi,
>
> I was able to get the broker running if I used a CA created as shown in
> the example below. https://kafka.apache.org/documentation/#security_ssl
>
>

Re: kafka security using ssl

2019-08-22 Thread Antony A
Hi, I was able to get the broker running if I used a CA created as shown in the example below. https://kafka.apache.org/documentation/#security_ssl The issue I am facing is when I used my internal CA. Not sure what I am missing when I am creating the certificate. Thanks. Sent from my iPhone

Re: kafka security using ssl

2019-08-21 Thread Pere Urbón Bayes
Hi, the error looks like a missing configuration value. A good source of examples of how to set up security can be found at https://github.com/purbon/kafka-security-playbook or https://docs.confluent.io/current/kafka/authentication_ssl.html. I would verify them and see if you're using the same con

kafka security using ssl

2019-08-21 Thread Antony A
Hi, I have followed the steps to secure the brokers using SSL. I have signed the server certificate using internal CA. I have the keystore with server certificate, private key and the CA. Also the truststore has only the CA. Unfortunately I am unable to start the broker with the following server