Stuck on configuring Kafka to use SSL

I was following the official documentation for SSL in Kafka, section 7.3 on this link

However, I got stuck in the "Signing the certificate" part, where it introduces -infiles {certificate signing request}, not mentioned before in the documentation.
I would want to know how this csr is created, with a server key not created in any of the previous steps.

Hi @blacky,

There’s an incorrect command for generating the CSR in this section. The command after this:

To generate certificate signing requests run the following command for all server keystores created so far.

… generates a key (-genkey) but it should generate a CSR (-certreq). It should look like this:

keytool -keystore server.keystore.jks -alias localhost -certreq -file cert_signing_request.pem -ext SAN=DNS:{FQDN},IP:{IPADDRESS1}

So, the two commands for generating the server keypair and CSR are:

keytool -keystore server.keystore.jks -alias localhost -validity 30 -genkey -keyalg RSA -storetype pkcs12

keytool -keystore server.keystore.jks -alias localhost -certreq -file cert_signing_request.pem

Then cert_signing_request.pem is the file you’d use later on.

Please let me know if that gets you past this and I’ll update the documentation.
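The two steps from the answer above, run end to end and followed by a check of the resulting CSR before it goes to the CA, as an added example that is not part of the original posts or the Kafka documentation. The host name, IP address, password and the -storepass/-keypass/-dname options (used here to avoid interactive prompts) are constructed sample choices, not values from the thread.

```shell
#!/usr/bin/env bash
# Added example. FQDN, IP and PASS are constructed sample values; a real setup
# should not pass the keystore password on the command line like this demo does.
FQDN="broker1.example.test"; IP="127.0.0.1"; PASS="changeit-sample"

# Build the value for keytool's -ext option (SAN goes into the CSR explicitly).
san_ext() { printf 'SAN=DNS:%s,IP:%s' "$1" "$2"; }

# Step 1: server key pair (-genkey). Step 2: CSR for that same alias (-certreq).
make_csr() {  # $1 = working directory
  keytool -keystore "$1/server.keystore.jks" -alias localhost -validity 30 \
    -genkey -keyalg RSA -storetype pkcs12 \
    -storepass "$PASS" -keypass "$PASS" -dname "CN=$FQDN" >/dev/null 2>&1 || return 1
  keytool -keystore "$1/server.keystore.jks" -alias localhost -certreq \
    -file "$1/cert_signing_request.pem" -storepass "$PASS" \
    -ext "$(san_ext "$FQDN" "$IP")" >/dev/null 2>&1
}

# Check the CSR before handing it to the CA: the self-signature must verify
# and the requested SAN must actually be present in the request.
check_csr() {  # $1 = CSR file
  openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK" || return 1
  openssl req -in "$1" -noout -text | grep -q "DNS:$FQDN"
}

# Run both steps in a throwaway directory; returns 0 only if the CSR checks out.
demo() (
  dir=$(mktemp -d) || exit 1
  make_csr "$dir" && check_csr "$dir/cert_signing_request.pem"; rc=$?
  rm -rf "$dir"
  exit $rc
)

if command -v keytool >/dev/null 2>&1 && command -v openssl >/dev/null 2>&1; then
  demo && echo "CSR OK: signature verifies and SAN is present"
fi
```

The cert_signing_request.pem produced by make_csr is the file passed to -infiles in the signing step.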


This worked. Thank you

