Does setting ssl.client.auth=required mean that the client's certificate has to be added to the Kafka truststore?
Regards,
Yash
Setting ssl.client.auth=required means that clients will need to pass SSL/TLS client authentication which is based on the truststore.
The truststore should contain certificates of trusted certification authorities. So if your clients use signed certificates, you should put the certificate of this certification authority into the truststore. That would allow all clients who have a certificate signed with this CA to authenticate.
If you use self-signed certificates or if you want only selected signed certificates to authenticate, you can put their certificates directly into the truststore. But they will be treated as trusted CAs - so if the client uses its client certificate as a CA and signs more certificates, these will also be able to authenticate. So this is not completely secure.
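The CA-based setup described in the answer, as an added example that is not part of the original answer: the trust file holds only the CA certificate, a client certificate signed by that CA verifies, and one from an unknown issuer does not. It assumes `openssl verify` as a stand-in for the broker's chain validation; the names demo-ca, other-ca, client-a and outsider are constructed.

```bash
#!/bin/sh
# Added example. All names (demo-ca, other-ca, client-a, outsider) are constructed.
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Own minimal config so results do not depend on the system openssl.cnf.
cat > "$WORK/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign
EOF

# make_ca <name>: create a self-signed CA certificate <name>.crt
make_ca() {
  openssl req -x509 -new -newkey rsa:2048 -nodes -days 1 \
    -config "$WORK/demo.cnf" -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.crt" 2>/dev/null
}

# issue_client <client> <ca>: create a client key and a certificate signed by <ca>
issue_client() {
  openssl req -new -newkey rsa:2048 -nodes \
    -config "$WORK/demo.cnf" -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null &&
  openssl x509 -req -in "$WORK/$1.csr" -days 1 \
    -CA "$WORK/$2.crt" -CAkey "$WORK/$2.key" -CAcreateserial \
    -out "$WORK/$1.crt" 2>/dev/null
}

# trusted <client> <ca>: succeeds only if the client certificate chains to <ca>.
# Assumption: openssl verify stands in for the broker's truststore check.
trusted() {
  openssl verify -CAfile "$WORK/$2.crt" "$WORK/$1.crt" >/dev/null 2>&1
}

make_ca demo-ca                  # the CA whose certificate goes into the trust file
make_ca other-ca                 # a CA the trust file does not contain
issue_client client-a demo-ca
issue_client outsider other-ca
for c in client-a outsider; do
  if trusted "$c" demo-ca; then echo "$c: accepted"; else echo "$c: rejected"; fi
done
```

The client certificate itself never enters the trust file; only `demo-ca.crt` does.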