I tried to configure Schema Registry with SSL. When I attempted to use the HTTPS Schema Registry with the AVRO producer, it failed with the error
No SAN Name found
I had configured it to ignore host name checking, but it still didn't work. A similar configuration had worked on KAFKA REST, CONNECT and KSQL.
I also tried to run a query from KSQL, which uses Schema Registry. It failed with the same error, No SAN Name found.
Below is the configuration on Schema Registry for HTTPS:
listeners=https://0.0.0.0:8081
ssl.keystore.location=/confluent-5.5.0/cert/kafka.server.keystore.jks
ssl.keystore.password=password
ssl.key.password=password
On the Avro producer and KSQL I had configured a truststore and specified
ssl.endpoint.identification.algorithm=
Can you please help configure Schema registry with HTTPS and have it work with avro producer and KSQL?
It seems that Subject Alternative Name (SAN) is missing from your certificates.
Make sure to include SAN when creating the servers' keystores. This is also mentioned in Confluent's Security Tutorial:
To do so, append the argument
-ext SAN=DNS:{FQDN}
to the keytool command:
Alternatively, you can choose to disable server host verification:
Therefore, you just need to set in server.properties the following configuration and finally restart your Kafka Cluster:
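As an added example (not part of the original answer or of Confluent's documentation), the following Python check scans a Java-style properties file for the setting shown in the question, `ssl.endpoint.identification.algorithm=`, whose empty value turns hostname verification off. The sample configuration, its host name and the `hostname_verification_findings` helper are constructed for illustration.

```python
"""Added example: flag properties that disable TLS hostname verification."""

SUFFIX = "ssl.endpoint.identification.algorithm"


def parse_properties(text):
    """Parse a simple subset of Java .properties syntax into a dict:
    '#' or '!' comments, '=' or ':' separators, no line continuations."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        # The key ends at the first '=' or ':' on the line.
        hits = [i for i in (line.find("="), line.find(":")) if i != -1]
        if hits:
            key, value = line[:min(hits)], line[min(hits) + 1:]
        else:
            key, value = line, ""
        props[key.strip()] = value.strip()
    return props


def hostname_verification_findings(text):
    """Return (key, status) for every endpoint-identification setting,
    including prefixed forms such as 'producer.<setting>'."""
    findings = []
    for key, value in parse_properties(text).items():
        if key == SUFFIX or key.endswith("." + SUFFIX):
            if value == "":
                findings.append((key, "DISABLED"))  # empty value: no hostname check
            elif value.lower() == "https":
                findings.append((key, "enabled"))
            else:
                findings.append((key, "unexpected value: " + value))
    return findings


# Constructed sample client configuration (not taken from the page).
CLIENT_PROPS = """\
# constructed sample
bootstrap.servers=broker.example.internal:9093
security.protocol=SSL
ssl.truststore.location=/path/to/truststore.jks
ssl.endpoint.identification.algorithm=
"""

if __name__ == "__main__":
    for key, status in hostname_verification_findings(CLIENT_PROPS):
        print(f"{key}: {status}")
```

A file that reports `DISABLED` accepts any certificate the truststore chains to, regardless of the host it was issued for, so the SAN fix is the option that keeps server identity checking in place.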