Thanks for this info can you please share what all needs to be present on the client side for mtls as in what all configuration are needed that side?
Thanks On Thu, Jun 24, 2021, 07:51 Shilin Wu <s...@confluent.io.invalid> wrote: > A few things to check: > > 1. Client trust store need to trust the server cert's issuer cert (AKA the > CA cert) > 2. The client must have a keystore that can be trusted by server's trust > store. > 3. The server needs to be accessed either via FQDN, or one of the SAN > address. If you are doing self sign, you can add many DNS alias and even ip > addresses to the server's cert. > 4. Make sure the server cert has extended key usage of serverAuth, client > cert has extended key usage of clientAuth. Actually you can have both - if > you are generating yourself. > > > > [image: Confluent] <https://www.confluent.io> > Wu Shilin > Solution Architect > +6581007012 > Follow us: [image: Blog] > < > https://www.confluent.io/blog?utm_source=footer&utm_medium=email&utm_campaign=ch.email-signature_type.community_content.blog > >[image: > Twitter] <https://twitter.com/ConfluentInc>[image: LinkedIn] > <https://www.linkedin.com/company/confluent/>[image: Slack] > <https://slackpass.io/confluentcommunity>[image: YouTube] > <https://youtube.com/confluent> > [image: Kafka Summit] <https://www.kafka-summit.org/> > > > On Thu, Jun 24, 2021 at 12:37 AM Anjali Sharma < > sharma.anjali.2...@gmail.com> > wrote: > > > Hi All, > > > > While trying for mtls ssl.client.aut=required, From Client side we are > > seeing some junk certificates which we have not imported on the client > > side? > > > > Please help with this? > > > > Thanks & Regards > > > > Anjali > > >
