Updated on 2022-09-14 GMT+08:00

SSL Encryption Function Used by a Client

Prerequisites

  1. Before enabling the SSL function on the client, ensure that the SSL service function on the server has been enabled (ssl.mode.enable of the server has been set to true).
  2. The SSL function requires APIs. For details, see Safety Instruction on Using Kafka.

Description

  • SSL used by a Linux client
    1. Change the value of security.protocol in the client installation directory/Kafka/kafka/config/producer.properties and client installation directory/Kafka/kafka/config/consumer.properties directories to SASL_SSL or SSL.
    2. When using the Shell commands, enter a port ID corresponding to the protocol set in Step 1. For example, if security.protocol is set to SASL_SSL, an SASL_SSL protocol port ID is required, which is 21009 by default:

      bin/kafka-console-producer.sh --broker-list <IP address of a Kafka cluster:21009> --topic <Topic name> --producer.config config/producer.properties

      bin/kafka-console-consumer.sh --topic <Topic name> --bootstrap-server <IP address of a Kafka cluster:21009> --consumer.config config/consumer.properties

  • SSL used by a Windows client
    1. Download the Kafka client, decompress the client, and find the ca.crt file in the root directory.
    2. Use the ca.crt file to generate the TrustStore file of the client.

      Run the keytool -noprompt -import -alias myservercert -file ca.crt -keystore truststore.jks command in the Java running environment.

    3. Copy the generated truststore.jks file to the conf directory of the IntelliJ IDEA project and add the following codes to the client codes (construction methods for Producer.java or Consumer.java):
      //truststore file address 
      props.put("ssl.truststore.location", System.getProperty("user.dir") + File.separator + "conf" + File.separator + "truststore.jks");
      //truststore file password (password when the TrustStore file is generated) 
      props.put("ssl.truststore.password", "XXXXX");
    4. Change the values of security.protocol in producer.properties and consumer.properties in the src/main/resources directory of the client sample project as required, and change the value of bootstrap.servers in the producer.properties file to ensure that the type of security.protocol matches with the port ID of bootstrap.servers.