we need some help regarding ca certificate authority change in kafka . Currently we are connecting in kafka using ssl implementation.
kafka version used is 1.1.1
below is server.properties
options tried :-
- generating new certificates and updating into existing keystore and truststore (we are observing that client is able to connect using one ca is getting accepted old ca or new ca)
- only private keys in keystore and root certs in truststore (we are observing that client is able to connect using one ca is getting accepted old ca or new ca)
- muliple keystore and truststore files using comma separated format (client connect is not working at all)
can anyone please help us on this, as this change in authority will cause outage and connection issues with existing clients.
Current Result : only one certificate is working , eaither the old one or new one
Expected Result : both the certificates(keystore & trust store ) should work, old one & new one.
Validation process : After updating the broker certificates we are trying to connect to broker ( from kafka tool) by using consumer certificates.