Moogsoft Docs

Configuring SSL in Kafka

Kafka SSL Configuration

To configure SSL, proceed as follows:

  1. Create a new directory using the mkdir command.

  2. Run the following command at the command prompt to generate the server keystore file:

    keytool -keystore server.keystore.jks -alias localhost -validity 365 -keyalg RSA -genkey

    Note

    You need to specify two parameters in the above command:

    • keystore: the keystore file that stores the certificate. The keystore file contains the private key of the certificate, so it must be kept safe.
    • validity: the validity period of the certificate, in days.
  3. Enter the following commands one by one. They generate the CA certificate (ca-cert) and its key (ca-key), then import the CA certificate into the server and client truststores.

    openssl req -new -x509 -keyout ca-key -out ca-cert -days 365
    keytool -keystore server.truststore.jks -alias CARoot -import -file ca-cert
    keytool -keystore client.truststore.jks -alias CARoot -import -file ca-cert
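  4. Enter the following commands one by one. They sign the keystore certificate with the CA certificate and key generated in the previous step, then import the CA certificate and the signed certificate into the server keystore.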

    keytool -keystore server.keystore.jks -alias localhost -certreq -file cert-file
    openssl x509 -req -CA ca-cert -CAkey ca-key -in cert-file -out cert-signed -days 365 -CAcreateserial -passin pass:test1234
    keytool -keystore server.keystore.jks -alias CARoot -import -file ca-cert
    keytool -keystore server.keystore.jks -alias localhost -import -file cert-signed
  5. Navigate to the Kafka config directory.
  6. Open the server.properties file and enter the following text:

    listeners=PLAINTEXT://host.name:port,SSL://host.name:port

    Note

    The Kafka broker can listen on multiple ports and IP addresses. To enable this, specify one or more comma-separated values in listeners. For SSL communication, specify SSL://host.name:port, where host.name and port are those of the server where the broker is installed.

  7. Enter the following details into the server.properties file:

    ssl.keystore.location=/var/private/ssl/server.keystore.jks
    ssl.keystore.password=test1234
    ssl.key.password=test1234
    ssl.truststore.location=/var/private/ssl/server.truststore.jks
    ssl.truststore.password=test1234

    Note

    The paths given here are the locations of the keystore and truststore files generated above. Enter the paths where your generated files are stored.

    The passwords used here are the ones that were used while generating the certificates. Enter the passwords that you used when creating them.

SSL is now configured for Kafka. Copy the client.truststore.jks certificate to the machine where the Kafka LAM is running.
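
The check below is an added example, not part of the Moogsoft documentation: it lints a server.properties file against steps 6 and 7 and also flags two things those steps leave open, a PLAINTEXT listener that remains enabled and a file mode that lets other users read the stored passwords. The function names, the sample file and its ports are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: lint a Kafka server.properties against steps 6 and 7 above.
# prop and check_kafka_ssl_props are this example's own names, not Kafka tooling.

# Print the value of KEY in FILE (the last assignment wins).
prop() {
  awk -F= -v k="$2" '$1 == k { sub(/^[^=]*=/, ""); v = $0 } END { print v }' "$1"
}

# Print one finding per line; return 0 when clean, 1 otherwise.
check_kafka_ssl_props() {
  local file="$1" findings=0 key listeners perms

  listeners="$(prop "$file" listeners | tr -d ' ')"
  case ",$listeners" in
    *,SSL://*) ;;
    *) echo "FAIL: no SSL:// entry in listeners"; findings=$((findings + 1)) ;;
  esac
  case ",$listeners" in
    *,PLAINTEXT://*)
      echo "WARN: PLAINTEXT listener still accepts unencrypted clients"
      findings=$((findings + 1)) ;;
  esac

  for key in ssl.keystore.location ssl.keystore.password ssl.key.password \
             ssl.truststore.location ssl.truststore.password; do
    if [ -z "$(prop "$file" "$key")" ]; then
      echo "FAIL: $key is not set"; findings=$((findings + 1))
    fi
  done

  # The file holds the store passwords in clear text: flag group/other access.
  perms="$(ls -ld "$file" | cut -c5-10)"
  if [ "$perms" != "------" ]; then
    echo "WARN: $file is accessible beyond its owner ($perms)"
    findings=$((findings + 1))
  fi
  [ "$findings" -eq 0 ]
}

# Constructed sample based on the page's settings; the ports are placeholders
# and ssl.truststore.password is left out on purpose to show a FAIL line.
sample="$(mktemp)"
printf '%s\n' 'listeners=PLAINTEXT://host.name:9092,SSL://host.name:9093' \
  'ssl.keystore.location=/var/private/ssl/server.keystore.jks' \
  'ssl.keystore.password=test1234' 'ssl.key.password=test1234' \
  'ssl.truststore.location=/var/private/ssl/server.truststore.jks' > "$sample"
chmod 644 "$sample"
check_kafka_ssl_props "$sample" || true
rm -f "$sample"
```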