if you require security over multiple subject alt names then you will need a UCC certificate from cert-provider (godaddy/thawte/verisign are some of the providers)
https://www.techopedia.com/definition/29764/unified-communications-certificate-ucc [https://cdn.techopedia.com/resource/images/favicon/favicon-200x200.png]<https://www.techopedia.com/definition/29764/unified-communications-certificate-ucc> Unified Communications Certificate (UCC) - Techopedia.com<https://www.techopedia.com/definition/29764/unified-communications-certificate-ucc> A Unified Communications Certificate (UCC) is a type of multi-domain certificate used in SSL authentication. It allows for the inclusion of multiple domain names and host names within a domain in one certificate. www.techopedia.com most of the cert-providers do not support changing/adding of more hostnames to previously issued UCC certs most of the cert-providers only support their own CA (certificate authority) to authenticate their issued certificates https://www.pluralsight.com/blog/software-development/top-reliable-ssl-certificates [https://www.pluralsight.com/content/dam/pluralsight/blog/thumbnails/default/blog-thumb-dev-defa...@2x.png]<https://www.pluralsight.com/blog/software-development/top-reliable-ssl-certificates> The Top 7 Most Reliable SSL Certificate Providers | Pluralsight<https://www.pluralsight.com/blog/software-development/top-reliable-ssl-certificates> Contributor Michael Gabriel Sumastre. Michael Gabriel Sumastre is a skilled technical blogger and writer with more than seven years of professional experience in Web content creation, SEO and research paper writing. www.pluralsight.com (caveat emptor) un saludo ________________________________ From: Gérald Quintana <gerald.quint...@gmail.com> Sent: Thursday, February 14, 2019 5:41 AM To: users@kafka.apache.org Subject: Kafka SSL and multiple domain names Hello, We need to have the same Kafka cluster bound to multiple DNS aliases/domain names. However, for some poor reason, we can't have a single SSL certificate with subject alt names matching all DNS aliases. Is it possible to use different SSL certs depending on the hostname used by the client? Is it possible to use SNI (Server Name Indication) for TLS connections? Thanks,
