Not really. I have managed to generate a cert with a single common CN, sign that with my internal CA and import that to the keystore that is referenced by the Kafka-Rest Proxy. I then distribute that Java Keystore (JKS) to all of the servers running the Rest API. The last part is to export that cert and import that to the local certificate stores only on the Windows web servers that need access. When a web request is made, it is made using that certificate. Also the rootCA and any intermediate certs are in the truststore on the server AND in the local cert store on the web servers.
So I got it to work.

Gene Robichaux
Senior Architect, Site Operations
Match.com
8750 North Central Expressway | Suite 1400 | Dallas, TX 75231

-----Original Message-----
From: Martin Gainty [mailto:mgai...@hotmail.com]
Sent: Wednesday, February 01, 2017 12:54 PM
To: users@kafka.apache.org
Subject: Re: Anyone have guide for setting up the rest proxy using SSL and Client authentication

Probably fighting an uphill battle sending cleartext POSTs and GETs with REST calls.

Most Apache server folk who secure an HTTP 1.1 server will front end with a CA (provided by Thawte, Verisign, GeoTrust):

https://www.geotrust.com

Once the credentials from the cert are validated against the <CA/Client> nameserver (LDAP) and the keys match, a secure handshake is initiated and the SSL request is redirected to your HTTP 1.1 server.

Does this help?

Martin

________________________________
From: Gene Robichaux <gene.robich...@match.com>
Sent: Wednesday, February 1, 2017 12:52 PM
To: users@kafka.apache.org
Subject: Anyone have guide for setting up the rest proxy using SSL and Client authentication

We are looking at the Rest Proxy for our environment but we want to secure connections to the Rest proxy via SSL AND Client Certificate authentication. The SSL part is no big deal but I am struggling mightily with the client authentication portion.

Does someone have some details on how to properly set this up?

The general architecture is 3 rest proxies behind a load balancer. Windows web servers posting messages through the LB to the three proxies.

I have not really seen anyone running this configuration with client authentication. Any help would be appreciated.

Gene Robichaux
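The certificate workflow described in the reply at the top of this thread, sketched as an added example that is not part of the original messages: one certificate with a single CN is signed by a CA, checked for both TLS client and server use, bundled as PKCS#12, and turned into a JKS keystore and truststore. The CA here is a throwaway stand-in for the poster's internal CA, and the CN, file names, aliases and password are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example: names, paths and the password are constructed placeholders.
set -eu

PASS=changeit                       # placeholder store password
CN=kafka-rest.example.internal      # the single shared CN (constructed)

# Stand-in for the internal CA; in practice the CA key already exists elsewhere.
make_ca() {  # $1 = output directory
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/CN=Example Internal Root CA" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Key + CSR with one CN, signed by the CA, usable on both ends of the TLS session.
issue_cert() {  # $1 = directory holding ca.key / ca.crt
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$CN" \
    -keyout "$1/rest.key" -out "$1/rest.csr" 2>/dev/null
  printf 'extendedKeyUsage=serverAuth,clientAuth\n' > "$1/ext.cnf"
  openssl x509 -req -in "$1/rest.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 30 -extfile "$1/ext.cnf" -out "$1/rest.crt" 2>/dev/null
}

# Succeeds only if the cert chains to the given CA for the given purpose.
check_chain() {  # $1 = CA cert, $2 = cert, $3 = sslclient | sslserver
  openssl verify -purpose "$3" -CAfile "$1" "$2" >/dev/null 2>&1
}

# PKCS#12 bundle (key + cert + CA) that both keytool and Windows can import.
make_p12() {  # $1 = directory
  openssl pkcs12 -export -name kafka-rest -passout "pass:$PASS" \
    -inkey "$1/rest.key" -in "$1/rest.crt" -certfile "$1/ca.crt" -out "$1/rest.p12"
}

# JKS keystore and truststore for the proxy hosts (requires a JDK's keytool).
make_jks() {  # $1 = directory
  keytool -importkeystore -noprompt -srckeystore "$1/rest.p12" -srcstoretype PKCS12 \
    -srcstorepass "$PASS" -destkeystore "$1/rest.keystore.jks" \
    -deststoretype JKS -deststorepass "$PASS"
  keytool -importcert -noprompt -alias internal-root -file "$1/ca.crt" \
    -keystore "$1/rest.truststore.jks" -storetype JKS -storepass "$PASS"
}
```

Call `make_ca`, `issue_cert`, `make_p12` and `make_jks` in that order on one working directory; a `check_chain` failure for `sslclient` before distribution means the proxy's truststore would reject the certificate during the handshake.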