I could see the below note in the link: https://www.elastic.co/guide/en/beats/filebeat/current/securing-communication-elasticsearch.html
For any given connection, the SSL/TLS certificates must have a subject that matches the value specified for hosts, or the SSL handshake fails. For example, if you specify hosts: ["foobar:9200"], the certificate MUST include foobar in the subject (CN=foobar) or as a subject alternative name (SAN). Make sure the hostname resolves to the correct IP address. If no DNS is available, then you can associate the IP address with your hostname in /etc/hosts (on Unix) or C:\Windows\System32\drivers\etc\hosts (on Windows).
Does this hold good for Kafka as well. If this is so, could you please explain why it will needed?