Re: mTLS client hostname validation is not working

2022-09-16 Thread Richard Bosch
You're very welcome, and good luck with your installation.

Kind regards,
Richard Bosch

On Fri, 16 Sep 2022, 17:56 James Ziesig, wrote:
> Hi Richard,
>
> Thank you for the response. That does clear things up for me. I thought
> it would be good to avoid MITM attacks by validating SAN, if CN

Re: mTLS client hostname validation is not working

2022-09-16 Thread James Ziesig
Hi Richard,

Thank you for the response. That does clear things up for me. I thought it would be good to avoid MITM attacks by validating SAN, if CN is a service identifier, without the need for ACLs. However, I do appreciate the added flexibility provided by the ACLs, and the lack of client

Re: mTLS client hostname validation is not working

2022-09-16 Thread Richard Bosch
Hi Jim,

The broker setting for endpoint identification is used when a broker connects to another broker. For client connections, the handshake is performed by verifying that the certificate presented by the client is signed by a CA that's in the truststore, and that it hasn't expired yet. If you

mTLS client hostname validation is not working

2022-09-15 Thread James Ziesig
Hi,

I have configured mTLS on a three-server Kafka cluster. The servers and clients are all communicating properly, except I am having trouble with client hostname validation when the client is using a cert from a different host. I would expect this to fail on handshake like it does when the