I am using Kafka v 0.9 with TLS enabled, including client auth. In http://www.confluent.io/blog/apache-kafka-security-authorization-authentication-encryption, it is mentioned that "We need to generate a key and certificate for each broker and client in the cluster. The common name (CN) of the broker certificate must match the fully qualified domain name (FQDN) of the server as the client compares the CN with the DNS domain name to ensure that it is connecting to the desired broker (instead of a malicious one)."

1) Is there a specific additional configuration parameter to enable this, or does it always happen if the other TLS/SSL parameters are set (as e.g. shown below)?

2) Is it possible to make the broker(s) carry out the same check against client certificates if SSL client auth is enabled?

Regards,
Phi

listeners=SSL://:9093
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
super.users=User:CN=broker1.mydomain.com,OU=ABC,O=XYZ,L=SFO,ST=CA,C=US
ssl.keystore.location=/opt/ssl/kafka.server.keystore.jks
ssl.keystore.password=test1234
ssl.key.password=test1234
ssl.truststore.location=/opt/ssl/kafka.server.truststore.jks
ssl.truststore.password=test1234
ssl.enabled.protocols=TLSv1.2,TLSv1.1,TLSv1
ssl.keystore.type=JKS
ssl.truststore.type=JKS
security.inter.broker.protocol=SSL
ssl.client.auth=required
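
The comparison the quoted blog passage describes, as an added example that is not part of the original post and is not Kafka's or the JVM's own code: a simplified RFC 2818-style match of the DNS name a client connects to against the names in the broker certificate. It goes beyond the CN case in the quote to cover subjectAltName precedence and wildcards; the function names are hypothetical, the certificates are constructed dicts in the shape Python's `ssl.SSLSocket.getpeercert()` returns, and the host is assumed to be a DNS name rather than an IP address.

```python
# Added illustration: simplified RFC 2818-style hostname check.
# Certificates are dicts shaped like ssl.SSLSocket.getpeercert() output;
# every name and certificate below is constructed for this example.

def _name_matches(pattern, host):
    """Compare one DNS name taken from a certificate with the requested host."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False
    # A wildcard is honoured only as the entire left-most label, and never
    # directly under a top-level domain; partial wildcards are treated literally.
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def cert_matches_host(cert, host):
    """True if the certificate identifies `host`."""
    san_dns = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if san_dns:
        # When dNSName entries exist they are the identity; the CN is ignored.
        return any(_name_matches(name, host) for name in san_dns)
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName" and _name_matches(value, host):
                return True
    return False


# Constructed sample certificates (subject fields only).
BROKER_CERT = {"subject": (
    (("organizationName", "XYZ"),),
    (("commonName", "broker1.mydomain.com"),),
)}
SAN_CERT = {
    "subject": ((("commonName", "broker1.mydomain.com"),),),
    "subjectAltName": (("DNS", "broker2.mydomain.com"),),
}
WILDCARD_CERT = {"subject": ((("commonName", "*.mydomain.com"),),)}

if __name__ == "__main__":
    for host in ("broker1.mydomain.com", "broker2.mydomain.com"):
        print(host, cert_matches_host(BROKER_CERT, host),
              cert_matches_host(SAN_CERT, host))
```
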