After reading this documentation: http://kafka.apache.org/documentation.html#security_ssl I was able to set up Kafka using SSL with a self-signed certificate.

I tried setting it up with a Digicert certificate, and it can present the certificate, but doesn't present the intermediate.

I wasn't able to find any documentation around using a certificate chain/intermediate certificates with Kafka, so I do not know if this is actually possible.

My keystore looks like this:

$ keytool -list -keystore star_dev.keystore
Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

intermediateca, 18-May-2018, trustedCertEntry,
Certificate fingerprint (SHA1): 1F:B8:6B:11:68:EC:74:31[...]
star_dev, 18-May-2018, PrivateKeyEntry,
Certificate fingerprint (SHA1): 9D:B8:05:44:B1:2D:8E:3E[...]
danznz

1 Answer

This is the correct answer here: https://stackoverflow.com/questions/9299133/why-doesnt-java-send-the-client-certificate-during-ssl-handshake/9300727#9300727

You create a bundle from the certificate and intermediates as follows:

cat cert.crt intermediate.crt >> bundle.crt

Then import the bundle:

keytool -importcert -keystore store.jks -alias myalias -file bundle.crt

Simon Greenwood
  • Thanks, I had to add some additional steps from https://stackoverflow.com/questions/906402/how-to-import-an-existing-x509-certificate-and-private-key-in-java-keystore-to-u/8224863#8224863 but your answer led me to what I needed. – danznz Jul 03 '18 at 21:47
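
An added example, not part of the question or answer above: a pre-import check that the bundle built with `cat` is ordered leaf first, with each certificate issued by the one after it. It assumes the `openssl` CLI is installed; the function name `check_bundle_order` and the script name are illustrative.

```bash
#!/usr/bin/env bash
# Added example (not from the original post). Requires the openssl CLI.
# check_bundle_order is an illustrative name, not a keytool or Kafka command.

# Prints the number of certificates in the PEM bundle. Returns 0 when each
# certificate's issuer equals the subject of the certificate after it
# (leaf first, then intermediate), 1 otherwise.
check_bundle_order() {
    local bundle=$1 tmp n i issuer next_subject
    tmp=$(mktemp -d) || return 2
    # Split the bundle into one file per certificate: cert1.pem, cert2.pem, ...
    awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert" n ".pem" }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
    ' "$bundle"
    n=$(find "$tmp" -name 'cert*.pem' | wc -l | tr -d ' ')
    if [ "$n" -eq 0 ]; then
        rm -rf "$tmp"; echo 0; return 1
    fi
    i=1
    while [ "$i" -lt "$n" ]; do
        issuer=$(openssl x509 -in "$tmp/cert$i.pem" -noout -issuer | sed 's/^issuer= *//')
        next_subject=$(openssl x509 -in "$tmp/cert$((i + 1)).pem" -noout -subject | sed 's/^subject= *//')
        if [ "$issuer" != "$next_subject" ]; then
            echo "cert $i: issuer does not match subject of cert $((i + 1))" >&2
            rm -rf "$tmp"; echo "$n"; return 1
        fi
        i=$((i + 1))
    done
    rm -rf "$tmp"
    echo "$n"
}

# Usage: ./check_bundle.sh bundle.crt
if [ "$#" -gt 0 ]; then
    check_bundle_order "$1"
fi
```

After the import, `keytool -list -v -keystore store.jks` reports the certificate chain length for the PrivateKeyEntry, which confirms whether the intermediate was attached to the key entry.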