diff --git a/testing/environments/docker/kafka/README.md b/testing/environments/docker/kafka/README.md index 16b6223f9881..beabaf3e02e8 100644 --- a/testing/environments/docker/kafka/README.md +++ b/testing/environments/docker/kafka/README.md @@ -10,7 +10,11 @@ The files in the `certs` directory were generated with these commands: ```sh # create the broker's key -keytool -keystore broker.keystore.jks -storepass KafkaTest -alias broker -validity 5000 -keyalg RSA -sigalg SHA256withRSA -genkey +keytool -genkeypair -keystore broker.keystore.jks -storepass KafkaTest \ + -alias broker -keyalg RSA -keysize 2048 -validity 5000 \ + -dname "CN=kafka" \ + -ext "SAN=dns:kafka,dns:localhost,ip:127.0.0.1" + What is your first and last name? [Unknown]: kafka @@ -26,8 +30,21 @@ keytool -keystore client.truststore.jks -storepass KafkaTest -alias CARoot -keya keytool -keystore broker.keystore.jks -storepass KafkaTest -alias broker -certreq -file broker-cert # sign it with the CA -openssl x509 -req -CA ca-cert -CAkey ca-key -in broker-cert -out broker-cert-signed -days 5000 -CAcreateserial -passin pass:KafkaTest -sha256 - +openssl x509 -req \ + -in broker-cert \ + -CA ca-cert -CAkey ca-key \ + -CAcreateserial \ + -out broker-cert-signed \ + -days 5000 \ + -passin pass:KafkaTest \ + -sha256 \ + -extfile <(printf '%s\n' \ + '[v3_req]' \ + 'subjectAltName=DNS:kafka,DNS:localhost,IP:127.0.0.1' \ + 'keyUsage=digitalSignature,keyEncipherment' \ + 'extendedKeyUsage=serverAuth') \ + -extensions v3_req + # import CA and signed cert back into server keystore keytool -keystore broker.keystore.jks -storepass KafkaTest -alias CARoot -import -file ca-cert keytool -keystore broker.keystore.jks -storepass KafkaTest -alias broker -import -file broker-cert-signed diff --git a/testing/environments/docker/kafka/certs/broker-cert b/testing/environments/docker/kafka/certs/broker-cert index d40676da0a68..58a84f4638fd 100644 --- a/testing/environments/docker/kafka/certs/broker-cert +++ b/testing/environments/docker/kafka/certs/broker-cert @@ -1,18 +1,16 @@ -----BEGIN NEW CERTIFICATE REQUEST----- -MIIC0jCCAboCAQAwXTELMAkGA1UEBhMCVVMxDjAMBgNVBAgTBWthZmthMQ4wDAYD -VQQHEwVrYWZrYTEOMAwGA1UEChMFa2Fma2ExDjAMBgNVBAsTBWthZmthMQ4wDAYD -VQQDEwVrYWZrYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL8W8cV8 -IPoqY7kyNdGeUCSS6DXy/UoNcTVaVcxHytDDske6QP5VwVQmhJDxcvpCVIr5me2o -UqSHlk60ikCkVbgspDLPg8scchXY8jxN4uVzcAIQqKOtJ02unLaSirO9uLuxq3mw -Tg/TLZ8Ny9ytPOoE0feZKOL8kE5B3ar+IzJWiVxvTpdbM1FxMd0JIE1AGIGrwQPv -OLv3mhYX/SsnbCty5PESp1dpfrvtBDDYv2AWkfJQuSlzspRHeXbRdAmkhxa1+RF0 -qovgfNXzF9LkMySm9YGSqD8WHtw7hl0PwG0vteJLH4dR3pccYQWoRiLYmPlCeg/t -ZLvZxWkiIIJjuXECAwEAAaAwMC4GCSqGSIb3DQEJDjEhMB8wHQYDVR0OBBYEFDny -LLWik9HtleB+eQgUuFRdP4J5MA0GCSqGSIb3DQEBCwUAA4IBAQBtG9QxU1i72aMh -S+dBbWiSI1AsBiiCzisV9J5Yj0BdMbzLtUG0rAT4knC0jiGEykU+1SV20M7cG22v -TRbXjvk9thVjuKlCMeeVYTmGACSuMFNhP1yje9bf8ohlP22WCfhAUqO4uCdQj8yT -QvZeO7PrdJxxSIG8GDgSFf/vdPoBzI1LUYqGD62JSyGVr+iMt0L1O/yHzYJCl/ho -ItN5xRQLoZITlrUTSzkPacU8fR2vBjv7h6/pTzlzJ1fbHK3yS34HojMdc7v+Q0Qb -yaOomDnX++/W/2vS1LIocK0M2/qX9Nt6eyIVe1o+dsZYirXCJRcWZ4U0L71qIvMf -VqNymL1T +MIIChTCCAW0CAQAwEDEOMAwGA1UEAxMFa2Fma2EwggEiMA0GCSqGSIb3DQEBAQUA +A4IBDwAwggEKAoIBAQDAWHB1RkanQ6Y7lBH23I3zPK7xn/KGDuY5oSNqmqL1k100 +lvbh1W0c2XngwM4j7UCz5WHux4N8uA/nX4wonoSJJQhf/9zvj9hZ3n5W+0rk3sYe +gYONhQZcHALZqXSwOa1RM+hD3b+Xr6GWmaZpFuMpFL2uUhifWlhqPIf/eu7pnY6K +T2b4temB+9FGfBR7WBtN/o7ylpWtzckWpAinBulSGvxnmsSot22JPETqMqYVZXb7 +T9Y6v80RfAby2bFI6iQJClWoyZ4aPZukx8kfWcdWfd1PyMcyj9Hh82uNkqfythxa +on30BV3pdrloi2Hg87UJE1Y/VV1gncehFRhqGq3HAgMBAAGgMDAuBgkqhkiG9w0B +CQ4xITAfMB0GA1UdDgQWBBSLh7AXxGypjjmDYZCbFPKvNVsIUjANBgkqhkiG9w0B +AQwFAAOCAQEADrBi3n9otAUhBzhsQ9xq5xO2tgWE63KQ3fruPTSzPBH4OT7YiOGe +KeljG9wpPBjfInEgLxNeNORqicsHEgFKHER5NrT+GrahGL1Ams08zlVJfI3aYVbz +xSmquBaBZmDYyGuDlCGCNwHYoTwytBlQx5QBnJHhm8M5Ix8aJ8Q6CfJs8Dmj00VB +eRa9h8SJ3p/P0PIL0mwNiKgg2yu5nEtD1LOJ/k32YCcYxyLot9VMb2dG86T0zXyM +2Ab3B8vK7uN1ulbcTCMnYJMILnOvOan22dKQUS5QzHQKJ1o/m+7jRl8jYEa5Ixwz +Ox0aeBrOX4JslwhRk7NnRY4+a1B5siu1uw== -----END NEW CERTIFICATE REQUEST----- diff --git a/testing/environments/docker/kafka/certs/broker-cert-signed b/testing/environments/docker/kafka/certs/broker-cert-signed index b52a642064e3..c8a73f86eff0 100644 --- a/testing/environments/docker/kafka/certs/broker-cert-signed +++ b/testing/environments/docker/kafka/certs/broker-cert-signed @@ -1,20 +1,20 @@ -----BEGIN CERTIFICATE----- -MIIDTDCCAjQCCQD48GlXfeHoqzANBgkqhkiG9w0BAQsFADBzMQswCQYDVQQGEwJV -UzEOMAwGA1UECAwFa2Fma2ExDjAMBgNVBAcMBWthZmthMQ4wDAYDVQQKDAVrYWZr -YTEOMAwGA1UECwwFa2Fma2ExDjAMBgNVBAMMBWthZmthMRQwEgYJKoZIhvcNAQkB -FgVrYWZrYTAeFw0yMjA4MDQxOTExMDZaFw0zNjA0MTIxOTExMDZaMF0xCzAJBgNV -BAYTAlVTMQ4wDAYDVQQIEwVrYWZrYTEOMAwGA1UEBxMFa2Fma2ExDjAMBgNVBAoT -BWthZmthMQ4wDAYDVQQLEwVrYWZrYTEOMAwGA1UEAxMFa2Fma2EwggEiMA0GCSqG -SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/FvHFfCD6KmO5MjXRnlAkkug18v1KDXE1 -WlXMR8rQw7JHukD+VcFUJoSQ8XL6QlSK+ZntqFKkh5ZOtIpApFW4LKQyz4PLHHIV -2PI8TeLlc3ACEKijrSdNrpy2koqzvbi7sat5sE4P0y2fDcvcrTzqBNH3mSji/JBO -Qd2q/iMyVolcb06XWzNRcTHdCSBNQBiBq8ED7zi795oWF/0rJ2wrcuTxEqdXaX67 -7QQw2L9gFpHyULkpc7KUR3l20XQJpIcWtfkRdKqL4HzV8xfS5DMkpvWBkqg/Fh7c -O4ZdD8BtL7XiSx+HUd6XHGEFqEYi2Jj5QnoP7WS72cVpIiCCY7lxAgMBAAEwDQYJ -KoZIhvcNAQELBQADggEBAACMzkWO0HjgnMUCuCJwNbG9/ZBA3gHeV5erBspYF/9Z -bPVvRzCAvi5VgGRefosk+Q2dT4v/BIpOvIdmHQu4IUwulDz6ICBDaAlttKBEKWwU -nKfmvRqxfphnMx2QoX+ZsInStCj7ERnYLCrOHGJrDOuJ3EfubDOqOnotkDXjSxkc -cAk2Bt5UshDFerCaRZ8kTSB1U5JMWVnAUwyDbyN43iu2EL0hDc5klvjcaIXsodug -d22GAhwnFipE+UB9sztwS3JXXAgX4r7BCJeenUAKr2bZQLL7yNYw1TDll01I/z9m -+SHnz0p+fHJva4352Spv1HJXSaForJ5SKSr85UqGYk0= +MIIDTTCCAjWgAwIBAgIJAPjwaVd94eisMA0GCSqGSIb3DQEBCwUAMHMxCzAJBgNV +BAYTAlVTMQ4wDAYDVQQIDAVrYWZrYTEOMAwGA1UEBwwFa2Fma2ExDjAMBgNVBAoM +BWthZmthMQ4wDAYDVQQLDAVrYWZrYTEOMAwGA1UEAwwFa2Fma2ExFDASBgkqhkiG +9w0BCQEWBWthZmthMB4XDTI2MDQxNDEwMTMzMFoXDTM5MTIyMjEwMTMzMFowEDEO +MAwGA1UEAxMFa2Fma2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA +WHB1RkanQ6Y7lBH23I3zPK7xn/KGDuY5oSNqmqL1k100lvbh1W0c2XngwM4j7UCz +5WHux4N8uA/nX4wonoSJJQhf/9zvj9hZ3n5W+0rk3sYegYONhQZcHALZqXSwOa1R +M+hD3b+Xr6GWmaZpFuMpFL2uUhifWlhqPIf/eu7pnY6KT2b4temB+9FGfBR7WBtN +/o7ylpWtzckWpAinBulSGvxnmsSot22JPETqMqYVZXb7T9Y6v80RfAby2bFI6iQJ +ClWoyZ4aPZukx8kfWcdWfd1PyMcyj9Hh82uNkqfythxaon30BV3pdrloi2Hg87UJ +E1Y/VV1gncehFRhqGq3HAgMBAAGjRzBFMCEGA1UdEQQaMBiCBWthZmthgglsb2Nh +bGhvc3SHBH8AAAEwCwYDVR0PBAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0G +CSqGSIb3DQEBCwUAA4IBAQBszOhhKx7jlLgT0bCba7FQt+sCy4wFnfN3xBaI07ME +v3pNb4I44VnOASzX72h6GZKjgZwmS0mRiTUz3GkfZ/y9iUwz772RD2goYcLgkOhW +or5Nja6rsrS17cuogmu7+wi8zPcHIfK0i6XYYcueaV/DhXwwQoCQSh/WyIJKl/rx +QcJVTZmN1EB24NCU1EsjbfV7D5jdx1RBwQgY3cv1yYErUztU8bHX6Q5q7YzwAD3C +VD1N1xWeo/aMoYzV3gZSi8E05fNicW7U2u8nCmFFmKayZoT2EfaVV3jfdoWdlTZl +PwDV1as4IZowDXVyc+9rNyPN2QNpayWRA9WDGURiw0GM -----END CERTIFICATE----- diff --git a/testing/environments/docker/kafka/certs/broker.keystore.jks b/testing/environments/docker/kafka/certs/broker.keystore.jks index b243d544e07b..4b18c02eeaf6 100644 Binary files a/testing/environments/docker/kafka/certs/broker.keystore.jks and b/testing/environments/docker/kafka/certs/broker.keystore.jks differ diff --git a/testing/environments/docker/kafka/certs/ca-cert.srl b/testing/environments/docker/kafka/certs/ca-cert.srl index 75591a0f2db6..a64e1dc86595 100644 --- a/testing/environments/docker/kafka/certs/ca-cert.srl +++ b/testing/environments/docker/kafka/certs/ca-cert.srl @@ -1 +1 @@ -F8F069577DE1E8AB +F8F069577DE1E8AC