banzaicloud/koperator

Hybrid Custom method didn't take the user-given server certificates

lavis11 opened this issue · 4 comments

I have used the hybrid model as specified in https://github.com/banzaicloud/koperator/blob/master/config/samples/kafkacluster_with_ssl_hybrid_customcert.yaml

serverSSLCertSecret and sslSecrets are given

The secret referenced by serverSSLCertSecret has:
Data

password: 16 bytes
tls.crt: 2102 bytes
tls.key: 1704 bytes
truststore.jks: 905 bytes
ca.crt: 1204 bytes
keystore.jks: 3739 bytes

But vxkafka-server-certificate is created with a different tls.key, tls.crt, keystore, truststore and password,
while the root certificates are used as I gave them in the secret.

Hello @lavis11!
kafka-server-certificate is created because sslSecrets is filled out and there is a listener with SSL.
Listeners where serverSSLCertSecret is not specified use the generated ones (this is why it is hybrid). When serverSSLCertSecret is specified, the listener will use your custom server certificate.

Thanks @bartam1. Understood.
I have used serverSSLCertSecret in all the listeners, but the passwords are different from what I have given.

@lavis11 You have to specify the password in the serverSSLCertSecret in base64-encoded format for the JKS truststore and keystore. You can generate client and server certificates with the use of sslSecrets.create=true and check them as an example for serverSSLCertSecret and clientSSLCertSecret. You also have to give the CNAMEs: https://banzaicloud.com/docs/supertubes/kafka-operator/ssl/#generate-jks-certificate
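
An added checker, not koperator code and not written by anyone in this thread, for the Secret layout listed at the top of the issue: it confirms that every `data` value is valid base64, that the two JKS blobs start with the JKS magic header, that the PEM entries look like PEM, and that the password decodes to printable text (a plaintext password pasted straight into `data` decodes to garbage, which is the mistake the base64 advice above guards against). The sample Secret, its PEM bodies and its JKS blobs are constructed placeholders.

```python
import base64
import struct

# Keys the issue lists in the serverSSLCertSecret Secret
REQUIRED_KEYS = ("tls.crt", "tls.key", "ca.crt", "keystore.jks", "truststore.jks", "password")
JKS_MAGIC = 0xFEEDFEED  # first four bytes of every Java KeyStore (JKS) file

def decode_data(secret: dict) -> dict:
    """Base64-decode the Secret's `data` map; raises on malformed base64 (stringData is not handled)."""
    return {k: base64.b64decode(v, validate=True) for k, v in secret.get("data", {}).items()}

def jks_header(blob: bytes) -> tuple:
    """Return (version, entry_count) of a JKS blob; raise ValueError if it is not a JKS file."""
    if len(blob) < 12 or struct.unpack(">I", blob[:4])[0] != JKS_MAGIC:
        raise ValueError("not a JKS file (bad magic or too short)")
    return struct.unpack(">II", blob[4:12])

def check_server_cert_secret(secret: dict) -> list:
    """Return a list of problems; an empty list means the Secret looks usable."""
    problems = []
    data = decode_data(secret)
    problems += [f"missing key {k}" for k in REQUIRED_KEYS if k not in data]
    for k in ("tls.crt", "ca.crt"):
        if k in data and b"-----BEGIN CERTIFICATE-----" not in data[k]:
            problems.append(f"{k} is not a PEM certificate")
    if "tls.key" in data and b"PRIVATE KEY-----" not in data["tls.key"]:
        problems.append("tls.key is not a PEM private key")
    for k in ("keystore.jks", "truststore.jks"):
        if k in data:
            try:
                jks_header(data[k])
            except ValueError as exc:
                problems.append(f"{k}: {exc}")
    pw = data.get("password", b"")
    # A plaintext password placed in `data` without base64 decodes to non-printable bytes.
    if "password" in data and not (pw and all(32 <= c < 127 for c in pw)):
        problems.append("password does not decode to printable text; base64-encode it before putting it in data")
    return problems

# Constructed sample Secret (not from the issue): plausible headers, dummy bodies.
PEM = b"-----BEGIN CERTIFICATE-----\nMIIB...constructed\n-----END CERTIFICATE-----\n"
KEY = b"-----BEGIN PRIVATE KEY-----\nMIIE...constructed\n-----END PRIVATE KEY-----\n"
FAKE_JKS = struct.pack(">III", JKS_MAGIC, 2, 1) + b"\x00" * 8  # magic, version 2, one entry
RAW = {"tls.crt": PEM, "tls.key": KEY, "ca.crt": PEM,
       "keystore.jks": FAKE_JKS, "truststore.jks": FAKE_JKS, "password": b"changeit"}
SAMPLE_SECRET = {"kind": "Secret", "data": {k: base64.b64encode(v).decode() for k, v in RAW.items()}}
# Same Secret, but with the password pasted in plaintext instead of base64-encoded.
BAD_SECRET = {"kind": "Secret", "data": {**SAMPLE_SECRET["data"], "password": "changeit"}}
```

Against a live cluster, feed the checker the output of `kubectl get secret <name> -o json`; the decoded `password` value is then what `keytool -list -keystore keystore.jks -storepass ...` must accept.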

Hey @lavis11, with the information provided by @bartam1 above, are you able to resolve the issue that you encountered?