What You Need to Know
An industry-wide change to TLS certificates from Public Certificate Authorities (Public CAs) may affect multi-node KurrentDB clusters and prevent nodes from joining it.
If you are running a multi-node cluster in KurrentDB 24.2 or later and are impacted, upgrade to 24.10.12 or 26.0.2 and apply the recommended configuration changes described in this advisory.
Am I Impacted?
If your KurrentDB cluster is on Kurrent Cloud
You are impacted if:
- You are running KurrentDB 24.2 or later, and
- You are running a multi-node cluster
If you are impacted, follow the resolution steps in this advisory before August 3, 2026.
If your KurrentDB cluster is self-managed or runs on Kurrent Operator
You are impacted if:
- Your node certificates are issued by a public CA, such as Let’s Encrypt, DigiCert, Sectigo, or SSL.com, and
- You are running KurrentDB 24.2 or later, and
- You are running a multi-node cluster
You are not impacted if your node certificates are:
- Issued by your own private CA, or
- Self-signed, or
- Certificates that do not use the EKU extension at all
If you are impacted, follow the resolution steps in this advisory before your next certificate renewal. See the appendix for instructions on how to check your certificate.
See the article for more information.