Details
-
Bug
-
Status: Resolved
-
Minor
-
Resolution: Fixed
-
2.3.1
-
None
Description
Hello,
I followed the documentation to use kafka with ssl, however the entire 'procedure' loses at the end the specified SAN.
To test, run (after the first keytool command and after the latest):
keytool -list -v -keystore server.keystore.jks
Reference:
http://kafka.apache.org/documentation.html#security_ssl
#!/bin/bash #Step 1 keytool -keystore server.keystore.jks -alias localhost -validity 365 -keyalg RSA -genkey -ext SAN=DNS:test.test.com #Step 2 openssl req -new -x509 -keyout ca-key -out ca-cert -days 365 keytool -keystore server.truststore.jks -alias CARoot -import -file ca-cert keytool -keystore client.truststore.jks -alias CARoot -import -file ca-cert #Step 3 keytool -keystore server.keystore.jks -alias localhost -certreq -file cert-file openssl x509 -req -CA ca-cert -CAkey ca-key -in cert-file -out cert-signed -days 365 -CAcreateserial -passin pass:test1234 keytool -keystore server.keystore.jks -alias CARoot -import -file ca-cert keytool -keystore server.keystore.jks -alias localhost -import -file cert-signed
In the detail, the SAN is losed after:
keytool -keystore server.keystore.jks -alias localhost -import -file cert-signed
Attachments
Issue Links
- links to