Posted to jira@kafka.apache.org by "Mickael Maison (Jira)" <ji...@apache.org> on 2020/02/25 16:26:00 UTC

[jira] [Resolved] (KAFKA-9308) Misses SAN after certificate creation

     [ https://issues.apache.org/jira/browse/KAFKA-9308?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Mickael Maison resolved KAFKA-9308.
-----------------------------------
    Fix Version/s: 2.6.0
       Resolution: Fixed

> Misses SAN after certificate creation
> -------------------------------------
>
>                 Key: KAFKA-9308
>                 URL: https://issues.apache.org/jira/browse/KAFKA-9308
>             Project: Kafka
>          Issue Type: Bug
>          Components: documentation
>    Affects Versions: 2.3.1
>            Reporter: Agostino Sarubbo
>            Assignee: Sönke Liebau
>            Priority: Minor
>             Fix For: 2.6.0
>
>
> Hello,
> I followed the documentation to use Kafka with SSL; however, the entire 'procedure' loses the specified SAN at the end.
> To test, run (after the first keytool command and after the last one):
>  
> {code:java}
> keytool -list -v -keystore server.keystore.jks
> {code}
> Reference:
>  [http://kafka.apache.org/documentation.html#security_ssl]
>  
> {code:java}
> #!/bin/bash
> #Step 1
> keytool -keystore server.keystore.jks -alias localhost -validity 365 -keyalg RSA -genkey -ext SAN=DNS:test.test.com
> #Step 2
> openssl req -new -x509 -keyout ca-key -out ca-cert -days 365
> keytool -keystore server.truststore.jks -alias CARoot -import -file ca-cert
> keytool -keystore client.truststore.jks -alias CARoot -import -file ca-cert
> #Step 3
> keytool -keystore server.keystore.jks -alias localhost -certreq -file cert-file 
> openssl x509 -req -CA ca-cert -CAkey ca-key -in cert-file -out cert-signed -days 365 -CAcreateserial -passin pass:test1234 
> keytool -keystore server.keystore.jks -alias CARoot -import -file ca-cert 
> keytool -keystore server.keystore.jks -alias localhost -import -file cert-signed
> {code}
>  
> In detail, the SAN is lost after:
> {code:java}
> keytool -keystore server.keystore.jks -alias localhost -import -file cert-signed
> {code}



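Added example (not part of the original report or of the Kafka documentation): a check that shows where the SAN disappears in a flow like the one quoted above. `openssl x509 -req` does not copy extensions from the CSR by default, so the script signs the same CSR once with the Step 3 command and once with the SAN passed through `-extfile`, then compares the results. Assumptions: openssl 1.1.1 or later stands in for keytool when creating the server key and CSR so the script runs without a JDK, the test CA key has no passphrase, and the CA subject and temporary file layout are constructed for the example.

```bash
#!/bin/bash
# Added example, not from the Kafka documentation. File names mirror the report;
# the CA subject and the use of openssl for the server key/CSR are assumptions.
set -eu
SAN="subjectAltName=DNS:test.test.com"

# Print the SAN of a CSR ($1 = req) or certificate ($1 = x509); empty if absent.
san_of() {
  openssl "$1" -in "$2" -noout -text | grep -A1 'Subject Alternative Name' \
    | tail -n 1 | tr -d ' '
}

# Throwaway CA plus a server CSR that carries the SAN, written to directory $1.
make_ca_and_csr() {
  openssl req -new -x509 -nodes -newkey rsa:2048 -subj "/CN=Test CA" \
    -keyout "$1/ca-key" -out "$1/ca-cert" -days 365 2>/dev/null
  openssl req -new -nodes -newkey rsa:2048 -subj "/CN=localhost" -addext "$SAN" \
    -keyout "$1/server-key" -out "$1/cert-file" 2>/dev/null
}

# Signing command from Step 3 of the report (no passphrase on this test CA).
sign_plain() {
  openssl x509 -req -CA "$1/ca-cert" -CAkey "$1/ca-key" -in "$1/cert-file" \
    -out "$1/cert-signed" -days 365 -CAcreateserial 2>/dev/null
}

# Same command with the SAN supplied to the signer through -extfile.
sign_with_san() {
  printf '%s\n' "$SAN" > "$1/san.ext"
  openssl x509 -req -CA "$1/ca-cert" -CAkey "$1/ca-key" -in "$1/cert-file" \
    -out "$1/cert-signed-san" -days 365 -CAcreateserial -extfile "$1/san.ext" \
    2>/dev/null
}

WORK=$(mktemp -d)
make_ca_and_csr "$WORK"
sign_plain "$WORK"
sign_with_san "$WORK"
echo "CSR SAN:                 $(san_of req "$WORK/cert-file")"
echo "signed, no -extfile:     $(san_of x509 "$WORK/cert-signed")"
echo "signed, with -extfile:   $(san_of x509 "$WORK/cert-signed-san")"
```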