Updated on 2023-04-10 GMT+08:00

SSL Encryption Function Used by a Client

Prerequisites

  1. Before enabling the SSL function on the client, ensure that the SSL function on the server has been enabled (ssl.mode.enable on the server has been set to true).
  2. The SSL function requires APIs. For details, see Safety Instructions on Using Kafka.

Description

  • SSL used by a Linux client
    1. Change the value of security.protocol in the client installation directory/Kafka/kafka/config/producer.properties and client installation directory/Kafka/kafka/config/consumer.properties files to SASL_SSL or SSL.
    2. When running the shell commands in the client installation directory/Kafka/kafka/bin directory, specify the port ID that corresponds to the protocol set in step 1. For example, if security.protocol is set to SASL_SSL, the SASL_SSL port ID is required, which is 21009 by default:

      sh kafka-console-producer.sh --broker-list <IP address of the Kafka cluster:21009> --topic <Topic name> --producer.config config/producer.properties

      sh kafka-console-consumer.sh --topic <Topic name> --bootstrap-server <IP address of the Kafka cluster:21009> --consumer.config config/consumer.properties

  • SSL used by a Windows client
    1. Download the Kafka client, decompress the client, and find the ca.crt file in the root directory.
    2. Use the ca.crt file to generate the TrustStore file of the client.

      Run the keytool -noprompt -import -alias myservercert -file ca.crt -keystore truststore.jks command in the Java runtime environment.

    3. Copy the generated truststore.jks file to the conf directory of the IntelliJ IDEA project and add the following code to the client code (construction methods for Producer.java or Consumer.java):
      // Requires: import java.io.File;
      // Path of the truststore file
      props.put("ssl.truststore.location", System.getProperty("user.dir") + File.separator + "conf" + File.separator + "truststore.jks");
      // Password of the truststore file (the password entered when the file was generated)
      props.put("ssl.truststore.password", "XXXXX");
    4. Change the value of security.protocol in producer.properties and consumer.properties in the src/main/resources directory of the client sample project as required, and change the value of bootstrap.servers in the producer.properties file so that the port ID in bootstrap.servers matches the security.protocol type.
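
The protocol and port match required in step 2 of the Linux procedure and step 4 of the Windows procedure can be checked before a client is started. The following script is an added example, not part of the product or its documentation; the function names and the SASL_SSL_PORT and SSL_PORT variables are assumptions, and only the 21009 default comes from this page.

```shell
#!/bin/sh
# Added example: pre-flight check of the client settings before running the Kafka tools.

# Assumption: 21009 is the default SASL_SSL port quoted on this page. The SSL port is not
# given there, so SSL_PORT must be set by the operator when security.protocol=SSL.
SASL_SSL_PORT="${SASL_SSL_PORT:-21009}"

# prop_value <file> <key>: print the key's value from a .properties file (last one wins).
prop_value() {
    awk -v key="$2" '
        /^[ \t]*[#!]/ { next }                      # skip comment lines
        {
            line = $0; sub(/^[ \t]+/, "", line)
            sep = match(line, /[ \t]*[=:][ \t]*/)   # key/value separator
            if (sep && substr(line, 1, sep - 1) == key) {
                val = substr(line, sep + RLENGTH); sub(/[ \t]+$/, "", val)
            }
        }
        END { print val }' "$1"
}

# check_ssl_client <properties file> <host:port[,host:port...]>
# 0 = encrypted protocol and matching ports, 1 = mismatch, 2 = SSL port not configured.
check_ssl_client() {
    protocol=$(prop_value "$1" security.protocol)
    case "$protocol" in
        SASL_SSL) want=$SASL_SSL_PORT ;;
        SSL)      want=${SSL_PORT:-} ;;
        *) echo "$1: security.protocol='$protocol' is not SSL or SASL_SSL" >&2; return 1 ;;
    esac
    [ -n "$want" ] || { echo "set SSL_PORT to the cluster's SSL port" >&2; return 2; }
    old_ifs=$IFS; IFS=,
    for broker in $2; do
        if [ "${broker##*:}" != "$want" ]; then
            IFS=$old_ifs
            echo "$broker does not use the $protocol port $want" >&2; return 1
        fi
    done
    IFS=$old_ifs
}

# Constructed sample input (documentation-range addresses), checked in place.
demo=$(mktemp)
printf '%s\n' '# constructed sample' 'security.protocol = SASL_SSL' > "$demo"
check_ssl_client "$demo" "192.0.2.10:21009,192.0.2.11:21009" && echo "client config OK"
rm -f "$demo"
```

A non-zero return also covers a properties file left on a protocol other than SSL or SASL_SSL, which a matching port number alone would not reveal.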