SSL configuration in Apache Kafka

Fri, 07 Oct 2022 02:26:37 -0700 

Hi All,

I am trying to enable SSL in my kafka broker and have generated required
certificates following the steps provided in the official documentation.
I have also made changes in Kafka's server.properties to enable SSL.  On
starting zookeeper followed by kafka server startup, There are no error in
the logs in either of them.
However, When I configured my spring-boot producer application and tried
publishing the message, I am getting below error in the producer application

*Producer application error log:*

[Producer clientId=producer-1] Bootstrap broker localhost:9093 (id: -1
rack: null) disconnected

[Producer clientId=producer-1] Connection to node -1 (localhost/
127.0.0.1:9093) could not be established. Broker may not be available.



Simultaneously, The kafka server as well gives below error


*Kafka server log:*

 INFO [SocketServer listenerType=ZK_BROKER, nodeId=0] Failed authentication
with /127.0.0.1 (SSL handshake failed)
(org.apache.kafka.common.network.Selector)


I have added below properties in my producer application for SSL
Configuration:

spring.kafka.bootstrap-servers: localhost:9092,localhost:9093
spring.kafka.properties.ssl.endpoint.identification.algorithm:
spring.kafka.properties.ssl.protocol: SSL
spring.kafka.properties.ssl.trust-store-location:
pathtocert/kafka.server.truststore.jks
spring.kafka.properties.ssl.trust-store-password: mypassword
spring.kafka.properties.ssl.key-store-location:
pathtocert/kafka.server.keystore.jks
spring.kafka.properties.ssl.key-store-password: mypassword
spring.kafka.properties.ssl.key-password: mypassword

Below are my server.properties configurations of kafka server to enable SSL.

listeners=PLAINTEXT://:9092,SSL://localhost:9093
advertised.listeners=PLAINTEXT://localhost:9092,SSL://localhost:9093
ssl.endpoint.identification.algorithm=
ssl.client.auth=none
ssl.enabled.protocols=TLSv1.2,TLSv1.1,TLSv1.3,TLSv1
ssl.keystore.type=jks
ssl.truststore.type=jks
ssl.keystore.location=pathtocert/kafka.server.keystore.jks
ssl.keystore.password=mypassword
ssl.key.password=password
ssl.truststore.location=pathtocert/kafka.server.truststore.jks
ssl.truststore.password=mypassword
security.inter.broker.protocol = SSL
listener.security.protocol.map=PLAINTEXT:PLAINTEXT,SSL:SSL



Can someone please help me resolve the issue.


Thanks & Regards,

Namita

Reply via email to