Re: Reg: Setting up strimzi kafka with own CA certs


Jakub Scholz
 

Strimzi needs to issue the certificates for the different components to secure them. That is why it needs a CA which can do that. If you use server certificate to issue new certs, properly written applications should reject it. If you want to use a server certificate, you should check the listener certificates, where you can provide only a server certificate and it will be used only for a given listener but not to secure replication etc.: https://strimzi.io/docs/operators/latest/full/using.html#kafka-listener-certificates-str

Jakub

On Thu, Apr 15, 2021 at 3:00 PM Nag Raj <tsnagraj.08@...> wrote:
Hi team, 

I was deploying strimzi kafka with own CA certs, my organization provides CA.crt, rootCA and intermediate CA. But in the strimzi documentation, to implement this scenario we need to have CA.Key as well which is not provided by my organization. Is there any way we can implement this use case without CA. Key. Thank you. 

Regards,
Raj

Join cncf-strimzi-dev@lists.cncf.io to automatically receive all group messages.