Dear All,

When trying to configure mTLS without restarting the brokers, it is not
working.
For mutual TLS, "ssl.client.auth" should be set to "required". So we are
trying to do the dynamic update using the command below:

    sh /opt/kafka/bin/kafka-configs.sh --bootstrap-server localhost:28104 --entity-type brokers --entity-name 117373 --alter --add-config listener.name.app.ssl.client.auth=required
    Completed updating config for broker 117373.

    sh /opt/kafka/bin/kafka-configs.sh --bootstrap-server localhost:28104 --entity-type brokers --entity-name 117373 --describe
    Dynamic configs for broker 117373 are:
      listener.name.app.ssl.client.auth=required sensitive=false synonyms={DYNAMIC_BROKER_CONFIG:listener.name.app.ssl.client.auth=required, STATIC_BROKER_CONFIG:ssl.client.auth=none, DEFAULT_CONFIG:ssl.client.auth=none}

The dynamic command execution is successful, but in the captured tcpdump (pcap)
"Certificate Request" is not sent from the server.


But if we alter manually and restart Kafka we can see "Certificate Request"
from Server in tcpdump.

Please help in resolving the dynamic update of altering
"ssl.client.auth=Required"


Pcap image is attached
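
The check described in this message (dynamic config says "required", but no "Certificate Request" on the wire) can also be done from a client without a packet capture. The script below is an added example, not part of the original message or of Kafka's tooling: the function names are hypothetical, HOST and APP_PORT are placeholders, and the `openssl s_client` fragments are constructed samples.

```shell
#!/bin/sh
# Added example: does the listener's handshake match the dynamic ssl.client.auth value?

# Sample taken from the --describe output quoted in the message above.
DESCRIBE_SAMPLE='Dynamic configs for broker 117373 are:
  listener.name.app.ssl.client.auth=required sensitive=false synonyms={DYNAMIC_BROKER_CONFIG:listener.name.app.ssl.client.auth=required, STATIC_BROKER_CONFIG:ssl.client.auth=none, DEFAULT_CONFIG:ssl.client.auth=none}'
# Constructed fragments of `openssl s_client` output (not captured from a real broker).
SCLIENT_NO_REQUEST='---
No client certificate CA names sent
---'
SCLIENT_REQUEST='---
Acceptable client certificate CA names
CN = constructed-test-ca
---'

# stdin: kafka-configs.sh --describe output; $1: listener name. Prints the dynamic value.
dynamic_client_auth() {
    sed -n "s/.*DYNAMIC_BROKER_CONFIG:listener\.name\.$1\.ssl\.client\.auth=\([a-z]*\).*/\1/p" | head -n 1
}

# stdin: openssl s_client output. Heuristic: s_client lists the CA names carried in a
# CertificateRequest; a request with an empty CA list is reported as not-requested.
handshake_client_auth() {
    out=$(cat)
    case "$out" in
        *"Acceptable client certificate CA names"*) echo requested ;;
        *"No client certificate CA names sent"*)    echo not-requested ;;
        *)                                          echo unknown ;;
    esac
}

# $1: describe output, $2: s_client output, $3: listener name.
verdict() {
    cfg=$(printf '%s\n' "$1" | dynamic_client_auth "$3")
    wire=$(printf '%s\n' "$2" | handshake_client_auth)
    case "$cfg/$wire" in
        required/requested|requested/requested|none/not-requested) echo consistent ;;
        required/not-requested|requested/not-requested|none/requested) echo mismatch ;;
        *) echo inconclusive ;;
    esac
}

# Live use (HOST and APP_PORT are placeholders for the "app" listener address):
#   d=$(sh /opt/kafka/bin/kafka-configs.sh --bootstrap-server localhost:28104 \
#         --entity-type brokers --entity-name 117373 --describe)
#   s=$(openssl s_client -connect HOST:APP_PORT -tls1_2 </dev/null 2>/dev/null)
#   verdict "$d" "$s" app
verdict "$DESCRIBE_SAMPLE" "$SCLIENT_NO_REQUEST" app   # the situation in the message
```

A "consistent" result only shows that a certificate was requested; it does not distinguish "required" from "requested", since both make the server send a Certificate Request.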
