if you dont have a "certs team" you can purchase a Contract with Certificate Authority such as Verisign to handle signing X509 certs Once the certs are signed and stuffed into truststore(s) you will then be able to supply the x509 cert with public key from CA to your clients Martin ________________________________ From: Rohan Rasane <rohan.ras...@gmail.com> Sent: Friday, November 9, 2018 12:57 PM To: users@kafka.apache.org Subject: Re: How to provide certificate chain/intermediate CA to kafka broker
Hi Fang, You will need to create a CSR using the Private Key, then get that CSR signed by your Certs team which should be able to add the root and intermediate certs in the signed certs. Then you will have to add them to your stores on the host. Let me know if you have any specific questions. -Rohan On Fri, Nov 9, 2018 at 6:18 AM Fang Xing <fang.x...@gmail.com> wrote: > Hello, > > I'm looking for some instructions about setting SSL in Kafka with > certificate chains. There is instruction about settings for broker > certificate issued by a self-signed root CA, however I didn't find > information related to certificate chain. > > If the chain is like this: root ca -> intermediate ca -> kafka broker > certificate/key, how to setup the keystore and truststore to include > intermediate ca's certificate? Should it be put into keystore or truststore > in what format? > > Thanks! Fang >
