Hi,

I would like to set up my Kafka cluster so that it has several SSL listeners (for replication, for clients in internal network, for clients in external network etc.). But I need to use different certificates for each listener. In particular I need:

* different server keys (keystore) because the clients connecting from within the internal network use different hostnames to connect than the clients connecting from the external network and I want hostname verification to work. (With some private CA the different hostnames can be in the same certificate as alternate subjects. But I would like to have a private CA key for the internal interface with internal addresses and a key from a public CA for the external address. So I need two keys.)
* different truststore because two separate groups of users are authenticating over the different interfaces.

Kafka allows creating several different listeners with different configurations. That is great. But it seems that when I create several SSL interfaces they all share the same keystore and truststore file. Is my understanding correct? Or is there some way to configure each listener to use a different keystore / truststore?

Thanks & Regards
Jakub
