Skip to content

Basic TLS setup #10247

Answered by scholzj
LDTips asked this question in Q&A
Jun 20, 2024 · 1 comments · 8 replies
Discussion options

You must be logged in to vote
  • Set generateCertificateAuthority: false for the clusterCa, but true for clientCa

If you want to use it for clients, than you don't want to generate the clientsCa => so it is the other way around?

  • For the user secret add the ca.crt, user.crt and user.key

Actually, it is the CA public key that establishes the trust. So you do not need to provide the user certs in any form. As long as they are signed by the Clients CA (the public key you provide), the will be able to connect (but if you provide only the public key, you have to use the type: tls-external in the KafkaUSer resources and generate the keys on your own obviously).

Replies: 1 comment 8 replies

Comment options

You must be logged in to vote
8 replies
@LDTips
Comment options

@scholzj
Comment options

@LDTips
Comment options

@scholzj
Comment options

Answer selected by LDTips
@LDTips
Comment options

@LDTips
Comment options

@scholzj
Comment options

@LDTips
Comment options

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Category
Q&A
Labels
None yet
2 participants