Skip to content

Commit 00ab82d

Browse files
mergify[bot]khushijain21
mergify[bot]
and
khushijain21
authored
Update kafka certificates to include SANS (#50119) (#50121)
(cherry picked from commit 2c2ef29) Co-authored-by: Khushi Jain <khushi.jain@elastic.co>
1 parent 65b7738 commit 00ab82d

File tree

5 files changed

+53
-38
lines changed

5 files changed

+53
-38
lines changed

testing/environments/docker/kafka/README.md

Lines changed: 20 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,11 @@ The files in the `certs` directory were generated with these commands:
1010

1111
```sh
1212
# create the broker's key
13-
keytool -keystore broker.keystore.jks -storepass KafkaTest -alias broker -validity 5000 -keyalg RSA -sigalg SHA256withRSA -genkey
13+
keytool -genkeypair -keystore broker.keystore.jks -storepass KafkaTest \
14+
-alias broker -keyalg RSA -keysize 2048 -validity 5000 \
15+
-dname "CN=kafka" \
16+
-ext "SAN=dns:kafka,dns:localhost,ip:127.0.0.1"
17+
1418

1519
What is your first and last name?
1620
[Unknown]: kafka
@@ -26,8 +30,21 @@ keytool -keystore client.truststore.jks -storepass KafkaTest -alias CARoot -keya
2630
keytool -keystore broker.keystore.jks -storepass KafkaTest -alias broker -certreq -file broker-cert
2731

2832
# sign it with the CA
29-
openssl x509 -req -CA ca-cert -CAkey ca-key -in broker-cert -out broker-cert-signed -days 5000 -CAcreateserial -passin pass:KafkaTest -sha256
30-
33+
openssl x509 -req \
34+
-in broker-cert \
35+
-CA ca-cert -CAkey ca-key \
36+
-CAcreateserial \
37+
-out broker-cert-signed \
38+
-days 5000 \
39+
-passin pass:KafkaTest \
40+
-sha256 \
41+
-extfile <(printf '%s\n' \
42+
'[v3_req]' \
43+
'subjectAltName=DNS:kafka,DNS:localhost,IP:127.0.0.1' \
44+
'keyUsage=digitalSignature,keyEncipherment' \
45+
'extendedKeyUsage=serverAuth') \
46+
-extensions v3_req
47+
3148
# import CA and signed cert back into server keystore
3249
keytool -keystore broker.keystore.jks -storepass KafkaTest -alias CARoot -import -file ca-cert
3350
keytool -keystore broker.keystore.jks -storepass KafkaTest -alias broker -import -file broker-cert-signed

testing/environments/docker/kafka/certs/broker-cert

Lines changed: 14 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -1,18 +1,16 @@
11
-----BEGIN NEW CERTIFICATE REQUEST-----
2-
MIIC0jCCAboCAQAwXTELMAkGA1UEBhMCVVMxDjAMBgNVBAgTBWthZmthMQ4wDAYD
3-
VQQHEwVrYWZrYTEOMAwGA1UEChMFa2Fma2ExDjAMBgNVBAsTBWthZmthMQ4wDAYD
4-
VQQDEwVrYWZrYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL8W8cV8
5-
IPoqY7kyNdGeUCSS6DXy/UoNcTVaVcxHytDDske6QP5VwVQmhJDxcvpCVIr5me2o
6-
UqSHlk60ikCkVbgspDLPg8scchXY8jxN4uVzcAIQqKOtJ02unLaSirO9uLuxq3mw
7-
Tg/TLZ8Ny9ytPOoE0feZKOL8kE5B3ar+IzJWiVxvTpdbM1FxMd0JIE1AGIGrwQPv
8-
OLv3mhYX/SsnbCty5PESp1dpfrvtBDDYv2AWkfJQuSlzspRHeXbRdAmkhxa1+RF0
9-
qovgfNXzF9LkMySm9YGSqD8WHtw7hl0PwG0vteJLH4dR3pccYQWoRiLYmPlCeg/t
10-
ZLvZxWkiIIJjuXECAwEAAaAwMC4GCSqGSIb3DQEJDjEhMB8wHQYDVR0OBBYEFDny
11-
LLWik9HtleB+eQgUuFRdP4J5MA0GCSqGSIb3DQEBCwUAA4IBAQBtG9QxU1i72aMh
12-
S+dBbWiSI1AsBiiCzisV9J5Yj0BdMbzLtUG0rAT4knC0jiGEykU+1SV20M7cG22v
13-
TRbXjvk9thVjuKlCMeeVYTmGACSuMFNhP1yje9bf8ohlP22WCfhAUqO4uCdQj8yT
14-
QvZeO7PrdJxxSIG8GDgSFf/vdPoBzI1LUYqGD62JSyGVr+iMt0L1O/yHzYJCl/ho
15-
ItN5xRQLoZITlrUTSzkPacU8fR2vBjv7h6/pTzlzJ1fbHK3yS34HojMdc7v+Q0Qb
16-
yaOomDnX++/W/2vS1LIocK0M2/qX9Nt6eyIVe1o+dsZYirXCJRcWZ4U0L71qIvMf
17-
VqNymL1T
2+
MIIChTCCAW0CAQAwEDEOMAwGA1UEAxMFa2Fma2EwggEiMA0GCSqGSIb3DQEBAQUA
3+
A4IBDwAwggEKAoIBAQDAWHB1RkanQ6Y7lBH23I3zPK7xn/KGDuY5oSNqmqL1k100
4+
lvbh1W0c2XngwM4j7UCz5WHux4N8uA/nX4wonoSJJQhf/9zvj9hZ3n5W+0rk3sYe
5+
gYONhQZcHALZqXSwOa1RM+hD3b+Xr6GWmaZpFuMpFL2uUhifWlhqPIf/eu7pnY6K
6+
T2b4temB+9FGfBR7WBtN/o7ylpWtzckWpAinBulSGvxnmsSot22JPETqMqYVZXb7
7+
T9Y6v80RfAby2bFI6iQJClWoyZ4aPZukx8kfWcdWfd1PyMcyj9Hh82uNkqfythxa
8+
on30BV3pdrloi2Hg87UJE1Y/VV1gncehFRhqGq3HAgMBAAGgMDAuBgkqhkiG9w0B
9+
CQ4xITAfMB0GA1UdDgQWBBSLh7AXxGypjjmDYZCbFPKvNVsIUjANBgkqhkiG9w0B
10+
AQwFAAOCAQEADrBi3n9otAUhBzhsQ9xq5xO2tgWE63KQ3fruPTSzPBH4OT7YiOGe
11+
KeljG9wpPBjfInEgLxNeNORqicsHEgFKHER5NrT+GrahGL1Ams08zlVJfI3aYVbz
12+
xSmquBaBZmDYyGuDlCGCNwHYoTwytBlQx5QBnJHhm8M5Ix8aJ8Q6CfJs8Dmj00VB
13+
eRa9h8SJ3p/P0PIL0mwNiKgg2yu5nEtD1LOJ/k32YCcYxyLot9VMb2dG86T0zXyM
14+
2Ab3B8vK7uN1ulbcTCMnYJMILnOvOan22dKQUS5QzHQKJ1o/m+7jRl8jYEa5Ixwz
15+
Ox0aeBrOX4JslwhRk7NnRY4+a1B5siu1uw==
1816
-----END NEW CERTIFICATE REQUEST-----

testing/environments/docker/kafka/certs/broker-cert-signed

Lines changed: 18 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -1,20 +1,20 @@
11
-----BEGIN CERTIFICATE-----
2-
MIIDTDCCAjQCCQD48GlXfeHoqzANBgkqhkiG9w0BAQsFADBzMQswCQYDVQQGEwJV
3-
UzEOMAwGA1UECAwFa2Fma2ExDjAMBgNVBAcMBWthZmthMQ4wDAYDVQQKDAVrYWZr
4-
YTEOMAwGA1UECwwFa2Fma2ExDjAMBgNVBAMMBWthZmthMRQwEgYJKoZIhvcNAQkB
5-
FgVrYWZrYTAeFw0yMjA4MDQxOTExMDZaFw0zNjA0MTIxOTExMDZaMF0xCzAJBgNV
6-
BAYTAlVTMQ4wDAYDVQQIEwVrYWZrYTEOMAwGA1UEBxMFa2Fma2ExDjAMBgNVBAoT
7-
BWthZmthMQ4wDAYDVQQLEwVrYWZrYTEOMAwGA1UEAxMFa2Fma2EwggEiMA0GCSqG
8-
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/FvHFfCD6KmO5MjXRnlAkkug18v1KDXE1
9-
WlXMR8rQw7JHukD+VcFUJoSQ8XL6QlSK+ZntqFKkh5ZOtIpApFW4LKQyz4PLHHIV
10-
2PI8TeLlc3ACEKijrSdNrpy2koqzvbi7sat5sE4P0y2fDcvcrTzqBNH3mSji/JBO
11-
Qd2q/iMyVolcb06XWzNRcTHdCSBNQBiBq8ED7zi795oWF/0rJ2wrcuTxEqdXaX67
12-
7QQw2L9gFpHyULkpc7KUR3l20XQJpIcWtfkRdKqL4HzV8xfS5DMkpvWBkqg/Fh7c
13-
O4ZdD8BtL7XiSx+HUd6XHGEFqEYi2Jj5QnoP7WS72cVpIiCCY7lxAgMBAAEwDQYJ
14-
KoZIhvcNAQELBQADggEBAACMzkWO0HjgnMUCuCJwNbG9/ZBA3gHeV5erBspYF/9Z
15-
bPVvRzCAvi5VgGRefosk+Q2dT4v/BIpOvIdmHQu4IUwulDz6ICBDaAlttKBEKWwU
16-
nKfmvRqxfphnMx2QoX+ZsInStCj7ERnYLCrOHGJrDOuJ3EfubDOqOnotkDXjSxkc
17-
cAk2Bt5UshDFerCaRZ8kTSB1U5JMWVnAUwyDbyN43iu2EL0hDc5klvjcaIXsodug
18-
d22GAhwnFipE+UB9sztwS3JXXAgX4r7BCJeenUAKr2bZQLL7yNYw1TDll01I/z9m
19-
+SHnz0p+fHJva4352Spv1HJXSaForJ5SKSr85UqGYk0=
2+
MIIDTTCCAjWgAwIBAgIJAPjwaVd94eisMA0GCSqGSIb3DQEBCwUAMHMxCzAJBgNV
3+
BAYTAlVTMQ4wDAYDVQQIDAVrYWZrYTEOMAwGA1UEBwwFa2Fma2ExDjAMBgNVBAoM
4+
BWthZmthMQ4wDAYDVQQLDAVrYWZrYTEOMAwGA1UEAwwFa2Fma2ExFDASBgkqhkiG
5+
9w0BCQEWBWthZmthMB4XDTI2MDQxNDEwMTMzMFoXDTM5MTIyMjEwMTMzMFowEDEO
6+
MAwGA1UEAxMFa2Fma2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA
7+
WHB1RkanQ6Y7lBH23I3zPK7xn/KGDuY5oSNqmqL1k100lvbh1W0c2XngwM4j7UCz
8+
5WHux4N8uA/nX4wonoSJJQhf/9zvj9hZ3n5W+0rk3sYegYONhQZcHALZqXSwOa1R
9+
M+hD3b+Xr6GWmaZpFuMpFL2uUhifWlhqPIf/eu7pnY6KT2b4temB+9FGfBR7WBtN
10+
/o7ylpWtzckWpAinBulSGvxnmsSot22JPETqMqYVZXb7T9Y6v80RfAby2bFI6iQJ
11+
ClWoyZ4aPZukx8kfWcdWfd1PyMcyj9Hh82uNkqfythxaon30BV3pdrloi2Hg87UJ
12+
E1Y/VV1gncehFRhqGq3HAgMBAAGjRzBFMCEGA1UdEQQaMBiCBWthZmthgglsb2Nh
13+
bGhvc3SHBH8AAAEwCwYDVR0PBAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0G
14+
CSqGSIb3DQEBCwUAA4IBAQBszOhhKx7jlLgT0bCba7FQt+sCy4wFnfN3xBaI07ME
15+
v3pNb4I44VnOASzX72h6GZKjgZwmS0mRiTUz3GkfZ/y9iUwz772RD2goYcLgkOhW
16+
or5Nja6rsrS17cuogmu7+wi8zPcHIfK0i6XYYcueaV/DhXwwQoCQSh/WyIJKl/rx
17+
QcJVTZmN1EB24NCU1EsjbfV7D5jdx1RBwQgY3cv1yYErUztU8bHX6Q5q7YzwAD3C
18+
VD1N1xWeo/aMoYzV3gZSi8E05fNicW7U2u8nCmFFmKayZoT2EfaVV3jfdoWdlTZl
19+
PwDV1as4IZowDXVyc+9rNyPN2QNpayWRA9WDGURiw0GM
2020
-----END CERTIFICATE-----

testing/environments/docker/kafka/certs/broker.keystore.jks

16 Bytes
Binary file not shown.

testing/environments/docker/kafka/certs/ca-cert.srl

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
F8F069577DE1E8AB
1+
F8F069577DE1E8AC

0 commit comments

Comments
 (0)