I was following the official documentation for SSL in kafka, section 7.3 on this link https://kafka.apache.org/documentation/#security_ssl
However, I got stuck in Signing the certificate part where introduces
-infiles {certificate signing request}
,not mentioned before in the documentation.
I would want to know how this csr is created, with a server key not created in any of the previous steps.
Hi @blacky,
There’s an incorrect command for generating the CSR in this section. The command after this:
To generate certificate signing requests run the following command for all server keystores created so far.
… generates a key (-genkey) but it should generate a CSR (-certreq). It should look like this:
keytool -keystore server.keystore.jks -alias localhost -certreq -file cert_signing_request.pem -ext SAN=DNS:{FQDN},IP:{IPADDRESS1}
So, the two commands for generating the server keypair and CSR are:
keytool -keystore server.keystore.jks -alias localhost -validity 30 -genkey -keyalg RSA -storetype pkcs12
keytool -keystore server.keystore.jks -alias localhost -certreq -file cert_signing_request.pem
Then cert_signing_request.pem is the file you’d use later on.
Please let me know if that gets you past this and I’ll update the documentation.
HTH,
Dave
This worked. Thank you
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.