Hi everyone, It is about the step the public Certificate Authorities (CAs) are shifting to a stricter, single-purpose EKU policy. I tried to look around, but I didn't find anything about whether this topic has already come up in the Flink community discussions.
https://news.apache.org/foundation/entry/the-public-ca-clientauth-eku-sunset-what-apache-software-deployers-need-to-know Briefly, the public CAs will no longer issue multi-purpose certificates,those that currently can be used for both clientAuth and serverAuth simultaneously, and the browsers will not accept them either in the future. This obviously only affects users who use public CA certificates. It can actually be worked around by using self-signed certificates for internal security if needed. Do you think there will be any changes related to this in Flink? Best, Gyula
