if you dont have a "certs team" you can purchase a Contract with Certificate 
Authority such as Verisign
to handle signing X509 certs
Once the certs are signed and stuffed into truststore(s)
you will then be able to supply the x509 cert with public key from CA to your 
clients
Martin
________________________________
From: Rohan Rasane <rohan.ras...@gmail.com>
Sent: Friday, November 9, 2018 12:57 PM
To: users@kafka.apache.org
Subject: Re: How to provide certificate chain/intermediate CA to kafka broker

Hi Fang,
You will need to create a CSR using the Private Key, then get that CSR
signed by your Certs team which should be able to add the root and
intermediate certs in the signed certs. Then you will have to add them to
your stores on the host.

Let me know if you have any specific questions.

-Rohan

On Fri, Nov 9, 2018 at 6:18 AM Fang Xing <fang.x...@gmail.com> wrote:

> Hello,
>
> I'm looking for some instructions about setting SSL in Kafka with
> certificate chains. There is instruction about settings for broker
> certificate issued by a self-signed root CA, however I didn't find
> information related to certificate chain.
>
> If the chain is like this: root ca -> intermediate ca -> kafka broker
> certificate/key, how to setup the keystore and truststore to include
> intermediate ca's certificate? Should it be put into keystore or truststore
> in what format?
>
> Thanks! Fang
>

Reply via email to