Replies: 1 comment
-
I'm afraid that this is currently not supported. If you want to be able to easily revoke individual users, SCRAM-SHA (does not need anything other than Kafka) or OAuth (needs an OAuth Authorization server of course) might be a better choice. You can also supply your own Clients CA for the mTLS authentication, and then you can manage the certificates yourself, which might give you more options to do this.
-
Hi,
Thanks for the really good work put into Strimzi!
We are planning to put an mTLS setup into production. However, we need a way to revoke a single client certificate (e.g. if the private key has leaked, or for personal operator accounts at the time of leaving the company), without creating a new client CA. So far, I did not find a way to do this. It seems client certificates are only checked against the CA cert (which is good), but there is no support for CRLs (which I am now looking for).
Is there any way to revoke a single client certificate using Strimzi CA? Or any operable idea on how to do this in day two operations?
Best regards,
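The SCRAM-SHA alternative suggested in the reply, sketched as Strimzi resources. This is an added example, not part of the original discussion or of the Strimzi project's own files; the names `my-cluster` and `alice`, the listener name and port, and the `v1beta2` API version are assumptions.

```yaml
# Constructed example: names, port and API version are placeholders/assumptions.
apiVersion: kafka.strimzi.io/v1beta2
kind: Kafka
metadata:
  name: my-cluster
spec:
  kafka:
    listeners:
      - name: scram
        port: 9094
        type: internal
        tls: true                 # TLS still encrypts the connection
        authentication:
          type: scram-sha-512     # per-user credential instead of "type: tls" (mTLS)
    # remaining broker settings unchanged and omitted here
  entityOperator:
    userOperator: {}              # User Operator manages KafkaUser credentials
---
apiVersion: kafka.strimzi.io/v1beta2
kind: KafkaUser
metadata:
  name: alice
  labels:
    strimzi.io/cluster: my-cluster   # binds the user to the cluster above
spec:
  authentication:
    type: scram-sha-512           # User Operator generates the password Secret
# Revoking this single user: delete the KafkaUser resource, e.g.
#   kubectl delete kafkauser alice
# The User Operator then removes the SCRAM credential from Kafka,
# without touching any CA or any other user's credentials.
```

With the `tls` authentication type, the same deletion removes the user's Secret but leaves an already issued certificate valid against the clients CA until it expires, which is the gap the question describes.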