Skip to content

[9.4](backport #50119) Update kafka certificates to include SANS #50121

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
khushijain21 merged 1 commit into from
Apr 15, 2026
Merged

[9.4](backport #50119) Update kafka certificates to include SANS #50121

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
23 changes: 20 additions & 3 deletions testing/environments/docker/kafka/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,11 @@ The files in the `certs` directory were generated with these commands:

```sh
# create the broker's key
keytool -keystore broker.keystore.jks -storepass KafkaTest -alias broker -validity 5000 -keyalg RSA -sigalg SHA256withRSA -genkey
keytool -genkeypair -keystore broker.keystore.jks -storepass KafkaTest \
-alias broker -keyalg RSA -keysize 2048 -validity 5000 \
-dname "CN=kafka" \
-ext "SAN=dns:kafka,dns:localhost,ip:127.0.0.1"


What is your first and last name?
[Unknown]: kafka
Expand All @@ -26,8 +30,21 @@ keytool -keystore client.truststore.jks -storepass KafkaTest -alias CARoot -keya
keytool -keystore broker.keystore.jks -storepass KafkaTest -alias broker -certreq -file broker-cert

# sign it with the CA
openssl x509 -req -CA ca-cert -CAkey ca-key -in broker-cert -out broker-cert-signed -days 5000 -CAcreateserial -passin pass:KafkaTest -sha256

openssl x509 -req \
-in broker-cert \
-CA ca-cert -CAkey ca-key \
-CAcreateserial \
-out broker-cert-signed \
-days 5000 \
-passin pass:KafkaTest \
-sha256 \
-extfile <(printf '%s\n' \
'[v3_req]' \
'subjectAltName=DNS:kafka,DNS:localhost,IP:127.0.0.1' \
'keyUsage=digitalSignature,keyEncipherment' \
'extendedKeyUsage=serverAuth') \
-extensions v3_req

# import CA and signed cert back into server keystore
keytool -keystore broker.keystore.jks -storepass KafkaTest -alias CARoot -import -file ca-cert
keytool -keystore broker.keystore.jks -storepass KafkaTest -alias broker -import -file broker-cert-signed
Expand Down
30 changes: 14 additions & 16 deletions testing/environments/docker/kafka/certs/broker-cert
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,18 +1,16 @@
-----BEGIN NEW CERTIFICATE REQUEST-----
MIIC0jCCAboCAQAwXTELMAkGA1UEBhMCVVMxDjAMBgNVBAgTBWthZmthMQ4wDAYD
VQQHEwVrYWZrYTEOMAwGA1UEChMFa2Fma2ExDjAMBgNVBAsTBWthZmthMQ4wDAYD
VQQDEwVrYWZrYTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL8W8cV8
IPoqY7kyNdGeUCSS6DXy/UoNcTVaVcxHytDDske6QP5VwVQmhJDxcvpCVIr5me2o
UqSHlk60ikCkVbgspDLPg8scchXY8jxN4uVzcAIQqKOtJ02unLaSirO9uLuxq3mw
Tg/TLZ8Ny9ytPOoE0feZKOL8kE5B3ar+IzJWiVxvTpdbM1FxMd0JIE1AGIGrwQPv
OLv3mhYX/SsnbCty5PESp1dpfrvtBDDYv2AWkfJQuSlzspRHeXbRdAmkhxa1+RF0
qovgfNXzF9LkMySm9YGSqD8WHtw7hl0PwG0vteJLH4dR3pccYQWoRiLYmPlCeg/t
ZLvZxWkiIIJjuXECAwEAAaAwMC4GCSqGSIb3DQEJDjEhMB8wHQYDVR0OBBYEFDny
LLWik9HtleB+eQgUuFRdP4J5MA0GCSqGSIb3DQEBCwUAA4IBAQBtG9QxU1i72aMh
S+dBbWiSI1AsBiiCzisV9J5Yj0BdMbzLtUG0rAT4knC0jiGEykU+1SV20M7cG22v
TRbXjvk9thVjuKlCMeeVYTmGACSuMFNhP1yje9bf8ohlP22WCfhAUqO4uCdQj8yT
QvZeO7PrdJxxSIG8GDgSFf/vdPoBzI1LUYqGD62JSyGVr+iMt0L1O/yHzYJCl/ho
ItN5xRQLoZITlrUTSzkPacU8fR2vBjv7h6/pTzlzJ1fbHK3yS34HojMdc7v+Q0Qb
yaOomDnX++/W/2vS1LIocK0M2/qX9Nt6eyIVe1o+dsZYirXCJRcWZ4U0L71qIvMf
VqNymL1T
MIIChTCCAW0CAQAwEDEOMAwGA1UEAxMFa2Fma2EwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDAWHB1RkanQ6Y7lBH23I3zPK7xn/KGDuY5oSNqmqL1k100
lvbh1W0c2XngwM4j7UCz5WHux4N8uA/nX4wonoSJJQhf/9zvj9hZ3n5W+0rk3sYe
gYONhQZcHALZqXSwOa1RM+hD3b+Xr6GWmaZpFuMpFL2uUhifWlhqPIf/eu7pnY6K
T2b4temB+9FGfBR7WBtN/o7ylpWtzckWpAinBulSGvxnmsSot22JPETqMqYVZXb7
T9Y6v80RfAby2bFI6iQJClWoyZ4aPZukx8kfWcdWfd1PyMcyj9Hh82uNkqfythxa
on30BV3pdrloi2Hg87UJE1Y/VV1gncehFRhqGq3HAgMBAAGgMDAuBgkqhkiG9w0B
CQ4xITAfMB0GA1UdDgQWBBSLh7AXxGypjjmDYZCbFPKvNVsIUjANBgkqhkiG9w0B
AQwFAAOCAQEADrBi3n9otAUhBzhsQ9xq5xO2tgWE63KQ3fruPTSzPBH4OT7YiOGe
KeljG9wpPBjfInEgLxNeNORqicsHEgFKHER5NrT+GrahGL1Ams08zlVJfI3aYVbz
xSmquBaBZmDYyGuDlCGCNwHYoTwytBlQx5QBnJHhm8M5Ix8aJ8Q6CfJs8Dmj00VB
eRa9h8SJ3p/P0PIL0mwNiKgg2yu5nEtD1LOJ/k32YCcYxyLot9VMb2dG86T0zXyM
2Ab3B8vK7uN1ulbcTCMnYJMILnOvOan22dKQUS5QzHQKJ1o/m+7jRl8jYEa5Ixwz
Ox0aeBrOX4JslwhRk7NnRY4+a1B5siu1uw==
-----END NEW CERTIFICATE REQUEST-----
36 changes: 18 additions & 18 deletions testing/environments/docker/kafka/certs/broker-cert-signed
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,20 +1,20 @@
-----BEGIN CERTIFICATE-----
MIIDTDCCAjQCCQD48GlXfeHoqzANBgkqhkiG9w0BAQsFADBzMQswCQYDVQQGEwJV
UzEOMAwGA1UECAwFa2Fma2ExDjAMBgNVBAcMBWthZmthMQ4wDAYDVQQKDAVrYWZr
YTEOMAwGA1UECwwFa2Fma2ExDjAMBgNVBAMMBWthZmthMRQwEgYJKoZIhvcNAQkB
FgVrYWZrYTAeFw0yMjA4MDQxOTExMDZaFw0zNjA0MTIxOTExMDZaMF0xCzAJBgNV
BAYTAlVTMQ4wDAYDVQQIEwVrYWZrYTEOMAwGA1UEBxMFa2Fma2ExDjAMBgNVBAoT
BWthZmthMQ4wDAYDVQQLEwVrYWZrYTEOMAwGA1UEAxMFa2Fma2EwggEiMA0GCSqG
SIb3DQEBAQUAA4IBDwAwggEKAoIBAQC/FvHFfCD6KmO5MjXRnlAkkug18v1KDXE1
WlXMR8rQw7JHukD+VcFUJoSQ8XL6QlSK+ZntqFKkh5ZOtIpApFW4LKQyz4PLHHIV
2PI8TeLlc3ACEKijrSdNrpy2koqzvbi7sat5sE4P0y2fDcvcrTzqBNH3mSji/JBO
Qd2q/iMyVolcb06XWzNRcTHdCSBNQBiBq8ED7zi795oWF/0rJ2wrcuTxEqdXaX67
7QQw2L9gFpHyULkpc7KUR3l20XQJpIcWtfkRdKqL4HzV8xfS5DMkpvWBkqg/Fh7c
O4ZdD8BtL7XiSx+HUd6XHGEFqEYi2Jj5QnoP7WS72cVpIiCCY7lxAgMBAAEwDQYJ
KoZIhvcNAQELBQADggEBAACMzkWO0HjgnMUCuCJwNbG9/ZBA3gHeV5erBspYF/9Z
bPVvRzCAvi5VgGRefosk+Q2dT4v/BIpOvIdmHQu4IUwulDz6ICBDaAlttKBEKWwU
nKfmvRqxfphnMx2QoX+ZsInStCj7ERnYLCrOHGJrDOuJ3EfubDOqOnotkDXjSxkc
cAk2Bt5UshDFerCaRZ8kTSB1U5JMWVnAUwyDbyN43iu2EL0hDc5klvjcaIXsodug
d22GAhwnFipE+UB9sztwS3JXXAgX4r7BCJeenUAKr2bZQLL7yNYw1TDll01I/z9m
+SHnz0p+fHJva4352Spv1HJXSaForJ5SKSr85UqGYk0=
MIIDTTCCAjWgAwIBAgIJAPjwaVd94eisMA0GCSqGSIb3DQEBCwUAMHMxCzAJBgNV
BAYTAlVTMQ4wDAYDVQQIDAVrYWZrYTEOMAwGA1UEBwwFa2Fma2ExDjAMBgNVBAoM
BWthZmthMQ4wDAYDVQQLDAVrYWZrYTEOMAwGA1UEAwwFa2Fma2ExFDASBgkqhkiG
9w0BCQEWBWthZmthMB4XDTI2MDQxNDEwMTMzMFoXDTM5MTIyMjEwMTMzMFowEDEO
MAwGA1UEAxMFa2Fma2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDA
WHB1RkanQ6Y7lBH23I3zPK7xn/KGDuY5oSNqmqL1k100lvbh1W0c2XngwM4j7UCz
5WHux4N8uA/nX4wonoSJJQhf/9zvj9hZ3n5W+0rk3sYegYONhQZcHALZqXSwOa1R
M+hD3b+Xr6GWmaZpFuMpFL2uUhifWlhqPIf/eu7pnY6KT2b4temB+9FGfBR7WBtN
/o7ylpWtzckWpAinBulSGvxnmsSot22JPETqMqYVZXb7T9Y6v80RfAby2bFI6iQJ
ClWoyZ4aPZukx8kfWcdWfd1PyMcyj9Hh82uNkqfythxaon30BV3pdrloi2Hg87UJ
E1Y/VV1gncehFRhqGq3HAgMBAAGjRzBFMCEGA1UdEQQaMBiCBWthZmthgglsb2Nh
bGhvc3SHBH8AAAEwCwYDVR0PBAQDAgWgMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0G
CSqGSIb3DQEBCwUAA4IBAQBszOhhKx7jlLgT0bCba7FQt+sCy4wFnfN3xBaI07ME
v3pNb4I44VnOASzX72h6GZKjgZwmS0mRiTUz3GkfZ/y9iUwz772RD2goYcLgkOhW
or5Nja6rsrS17cuogmu7+wi8zPcHIfK0i6XYYcueaV/DhXwwQoCQSh/WyIJKl/rx
QcJVTZmN1EB24NCU1EsjbfV7D5jdx1RBwQgY3cv1yYErUztU8bHX6Q5q7YzwAD3C
VD1N1xWeo/aMoYzV3gZSi8E05fNicW7U2u8nCmFFmKayZoT2EfaVV3jfdoWdlTZl
PwDV1as4IZowDXVyc+9rNyPN2QNpayWRA9WDGURiw0GM
-----END CERTIFICATE-----
Binary file modified testing/environments/docker/kafka/certs/broker.keystore.jks
View file
Open in desktop
Binary file not shown.
2 changes: 1 addition & 1 deletion testing/environments/docker/kafka/certs/ca-cert.srl
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1 @@
F8F069577DE1E8AB
F8F069577DE1E8AC
Loading