I have my test/development certificates created for X509 request extensions
and SAN names cover:

DNS.1 localhost
DNS.2 *.testsystem.net

To make things more practical, I have set the advertised.listeners and
listeners to ONLY SSL://localhost:9093.

I have verified the certificates and can also confirm that with the
following settings I can do some basic console producer/consumer test and
see data received:

> ssl.keystore.location=/kafka_2.10-
> ssl.keystore.password=youwish
> ssl.key.password=youwish
> ssl.truststore.location=/kafka_2.10-
> ssl.truststore.password=youwish
> ssl.endpoint.identification.algorithm=HTTPS
> ssl.secure.random.implementation=SHA1PRNG
> ssl.client.auth=required

Since I have got a wildcard DNS name in SAN, would I be able to use the same
certificates for my brokers in test environment where they have FQDN as:


In other words, if the clients do full hostname verification will this be
accepted? I haven't managed to check the source file yet.

I hope I have set it up correctly as it suggests in RFC -

Kindest Regards,
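
The two SAN entries from the post checked against candidate broker names, as an added example that is not part of the original post and is not Kafka's or the JDK's own verification code. It assumes the common RFC 6125 style rule (a wildcard is accepted only as the whole left-most label and covers exactly one label); the broker hostnames are constructed, since the post's FQDNs are not shown.

```python
# SAN dNSName entries taken from the post.
SAN_DNS = ["localhost", "*.testsystem.net"]


def dns_name_matches(pattern: str, hostname: str) -> bool:
    """Match one SAN dNSName against a hostname (assumed RFC 6125 style rule)."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    # Label counts must agree: '*' never spans a dot and never matches nothing.
    if len(p) != len(h) or not all(h):
        return False
    # A hostname is never allowed to contain '*' itself.
    if any("*" in label for label in h):
        return False
    # Wildcards outside the left-most label are rejected.
    if any("*" in label for label in p[1:]):
        return False
    if p[0] == "*":
        # Require at least two fixed labels so '*.net' style names are refused.
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in p[0]:
        # Partial wildcards such as 'br*.testsystem.net' are refused here.
        return False
    return p == h


def verify_hostname(hostname: str, san_dns=SAN_DNS) -> list:
    """Return the SAN entries that cover the hostname (empty list = reject)."""
    return [san for san in san_dns if dns_name_matches(san, hostname)]


def check_hosts(hosts) -> dict:
    """Map each hostname to True/False for 'certificate covers this name'."""
    return {host: bool(verify_hostname(host)) for host in hosts}


if __name__ == "__main__":
    # Constructed broker names for illustration only.
    candidates = [
        "localhost",
        "broker1.testsystem.net",      # one label under the wildcard
        "BROKER2.TestSystem.NET",      # DNS names compare case-insensitively
        "testsystem.net",              # bare domain: wildcard does not cover it
        "broker1.dc1.testsystem.net",  # two labels deep: not covered
    ]
    for host, ok in check_hosts(candidates).items():
        print(f"{host:32} {'accepted' if ok else 'REJECTED'}")
```

Clients that connect by IP address are not covered by either entry, because a dNSName SAN is not compared against an IP literal.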

