NetApp is pleased to announce support for Subject Alternative Names (SANs) with Instaclustr for Apache Kafka®. You can now use Domain Name System (DNS) names to securely establish the connection between your Kafka clients and the Kafka cluster.
Subject Alternative Names (SANs) are an extension to X.509 (a standard that defines the format of public key certificates) that allows various forms of identities to be associated with a single certificate.
Traditionally, SSL certificates are associated with a single Common Name (CN), i.e. a certificate would only be valid for the exact hostname listed in the CN field. When a client connected to a server, it checked the server’s certificate to ensure it was valid for the server’s hostname. This meant that if you wanted to secure multiple subdomains or multiple domains, you would need a separate certificate for each one.
When connecting to a Kafka cluster, there are often benefits to addressing it via internal DNS. Connecting via DNS means you can specify the connection address with a name such as <cluster name>.<your company>.com rather than a list of IPs.
This provides the advantage that clients only need to be configured with the relevant DNS name for the connection, and if IP addresses change due to node replacements, the DNS name will still direct to the cluster.
A secure connection needs to check the hostname used to connect against the hostname in the certificate, and this is where SANs come in. They allow the certificate to contain both the required hostname and the server IP for secure communication with the clusters.
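The check described above, as an added example that is not Instaclustr's or Kafka's own code: a simplified SAN match showing why a certificate carrying only an IP entry fails when the client connects by DNS name. The certificates are constructed samples in the dict shape returned by Python's ssl.SSLSocket.getpeercert(); the names, addresses and function names are assumptions.

```python
import ipaddress

# Constructed samples in the dict shape returned by ssl.SSLSocket.getpeercert().
# Names and addresses are placeholders, not values from a real cluster.
CERT_IP_ONLY = {"subjectAltName": (("IP Address", "10.0.1.11"),)}
CERT_WITH_DNS = {
    "subjectAltName": (
        ("DNS", "kafka.example.com"),
        ("DNS", "*.kafka.example.com"),
        ("IP Address", "10.0.1.11"),
    )
}


def _dns_match(pattern: str, host: str) -> bool:
    """Match one DNS SAN entry; a wildcard covers only the whole left-most label."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Require at least two fixed labels after the wildcard and a non-empty host label.
        return len(p_labels) > 2 and h_labels[0] != "" and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def san_matches(cert: dict, address: str) -> bool:
    """Return True if `address` (DNS name or IP literal) is covered by a SAN entry."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        ip = None  # not an IP literal, so treat it as a DNS name
    for kind, value in cert.get("subjectAltName", ()):
        if ip is not None:
            # IP literals are compared only with IP entries, never with DNS entries.
            if kind == "IP Address" and ipaddress.ip_address(value) == ip:
                return True
        elif kind == "DNS" and _dns_match(value, address):
            return True
    return False


def check_bootstrap(cert: dict, addresses: list) -> dict:
    """Report, per connection address, whether the SAN check would pass."""
    return {addr: san_matches(cert, addr) for addr in addresses}


if __name__ == "__main__":
    targets = ["kafka.example.com", "broker1.kafka.example.com", "10.0.1.11"]
    print("IP-only cert :", check_bootstrap(CERT_IP_ONLY, targets))
    print("DNS + IP cert:", check_bootstrap(CERT_WITH_DNS, targets))
```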
With Instaclustr’s support for SANs, you can now enter the SANs of your choice either at the time of creating a new cluster or by updating them for an existing cluster. You can choose to do so via the Managed Platform Console, our API, or Terraform Provider.
Currently, the cluster needs to be restarted to apply the changes (which happens automatically). We are working to make it possible to apply such changes without restarts in a future release.
This feature is now available for all users of Instaclustr for Apache Kafka. Refer to our support page here for more details on how to enable and use this new feature on your managed Kafka cluster. Please reach out to us via our support website in case of any questions.