
Connecting Kafka producer/consumer to broker via TLS

I am trying to set up TLS for a Kafka broker. I have followed the steps here and was able to set up Kafka with TLS. (In the log, I see an SSL entry for the configured port.)

Now I am facing an issue with connecting the producer/consumer.

  1. I created a client keystore using the below command,

    keytool -keystore client.keystore.jks -alias localhost -validity 365 -keyalg RSA -genkey
    
  2. Added the CA cert to the keystore,

    keytool -keystore client.keystore.jks -alias CARoot -import -file ca-cert
    
  3. Ran the below command in the client, where the ca-cert is the certificate used on the server.

    keytool -keystore client.truststore.jks -alias CARoot -import -file ca-cert
    keytool -keystore client.keystore.jks -alias localhost -validity 365 -keyalg RSA -genkey
    keytool -keystore client.keystore.jks -alias CARoot -import -file ca-cert
    
  4. Added the below config in the producer.properties,

    security.protocol=SSL
    ssl.truststore.location=path to client.truststore.jks
    ssl.truststore.password=<password>
    ssl.keystore.location=path to client.keystore.jks
    ssl.keystore.password=<password>
    ssl.key.password=<password>
    
  5. Ran kafka-console-producer

    kafka-console-producer.sh --broker-list 0.0.0.0:9092 --topic test --producer.config ../config/producer.properties

But I am getting the below error when running the util,

    WARN Connection to node -1 terminated during authentication. This may indicate that authentication failed due to invalid credentials. (org.apache.kafka.clients.NetworkClient)

Suspecting that I am missing something in the client config. Any help would be greatly appreciated.

Kannan Ramamoorthy asked Jul 13 '17 19:07




1 Answer

Are you trying with a client-side certificate? Rather, I would recommend trying without a client certificate. In that case you only need the entries below:

producer.properties file:

    security.protocol=SSL
    ssl.truststore.location=/<path-to>/truststore.jks
    ssl.truststore.type=JKS

Read more about it here - http://kafka.apache.org/documentation/#security_configclients

For client authentication, Kafka uses SASL. This part of the document covers it clearly - http://kafka.apache.org/documentation/#security_sasl

Haridas N answered Oct 13 '22 15:10
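Before choosing between the truststore-only client config in the answer and the keystore config in the question, it helps to check what the broker's SSL listener actually asks for. The script below is an added example, not code from the post or from Kafka: it classifies `openssl s_client` output, the function names are hypothetical, and the sample outputs are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the original post. Sample outputs are constructed.

# Summarise `openssl s_client` output read from stdin.
classify_handshake() {
    out=$(cat)
    # No certificate block: the port did not answer with TLS at all.
    if ! printf '%s\n' "$out" | grep -q -e '-----BEGIN CERTIFICATE-----'; then
        echo "no-tls"
        return 0
    fi
    # Was the broker certificate verified against the CA passed with -CAfile?
    if printf '%s\n' "$out" | grep -q 'Verify return code: 0 (ok)'; then
        trust="server-cert-trusted"
    else
        trust="server-cert-untrusted"
    fi
    # A CertificateRequest with CA names means the listener asks for a
    # client certificate (broker ssl.client.auth set to requested or required).
    if printf '%s\n' "$out" | grep -q 'Acceptable client certificate CA names'; then
        auth="client-cert-requested"
    else
        auth="client-cert-not-requested"
    fi
    echo "$trust $auth"
}

# $1 = host:port of the SSL listener, $2 = CA certificate (PEM), e.g. ca-cert
probe_listener() {
    openssl s_client -connect "$1" -CAfile "$2" </dev/null 2>&1 | classify_handshake
}

# Constructed s_client excerpts (placeholders, not real certificates).
sample_mutual() {
    printf '%s\n' 'CONNECTED(00000003)' '-----BEGIN CERTIFICATE-----' \
        '(constructed placeholder)' '-----END CERTIFICATE-----' \
        'Acceptable client certificate CA names' 'CN = constructed-ca.example' \
        '    Verify return code: 0 (ok)'
}
sample_oneway() {
    printf '%s\n' 'CONNECTED(00000003)' '-----BEGIN CERTIFICATE-----' \
        '(constructed placeholder)' '-----END CERTIFICATE-----' \
        'No client certificate CA names sent' '    Verify return code: 0 (ok)'
}
sample_plaintext() {
    printf '%s\n' 'CONNECTED(00000003)' 'no peer certificate available'
}

# Run against a real listener only when host:port and a CA file are given.
if [ "$#" -eq 2 ]; then probe_listener "$1" "$2"; fi
```

The CA-names match is a heuristic: a listener can request a client certificate without sending CA names, so treat `client-cert-not-requested` as a hint and confirm against the broker's `ssl.client.auth` setting.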