SSL Encryption Function Used by a Client
Prerequisites
- Before enabling the SSL function on the client, ensure that the SSL service function on the server has been enabled (ssl.mode.enable of the server has been set to true).
- The SSL function requires APIs. For details, see Safety Instruction on Using Kafka.
Description
- SSL used by a Linux client
- Change the value of security.protocol to SASL_SSL or SSL in the files <client installation directory>/Kafka/kafka/config/producer.properties and <client installation directory>/Kafka/kafka/config/consumer.properties.
- When running the shell commands, enter the port ID that corresponds to the protocol set in the previous step. For example, if security.protocol is set to SASL_SSL, the SASL_SSL protocol port ID is required, which is 21009 by default:
bin/kafka-console-producer.sh --broker-list <IP address of a Kafka cluster:21009> --topic <Topic name> --producer.config config/producer.properties
bin/kafka-console-consumer.sh --topic <Topic name> --bootstrap-server <IP address of a Kafka cluster:21009> --consumer.config config/consumer.properties
- SSL used by a Windows client
- Download the Kafka client, decompress the client, and find the ca.crt file in the root directory.
- Use the ca.crt file to generate the TrustStore file of the client.
Run the following command in the Java runtime environment:
keytool -noprompt -import -alias myservercert -file ca.crt -keystore truststore.jks
- Copy the generated truststore.jks file to the conf directory of the IntelliJ IDEA project and add the following code to the client code (the constructor of Producer.java or Consumer.java):
// truststore file address
props.put("ssl.truststore.location", System.getProperty("user.dir") + File.separator + "conf" + File.separator + "truststore.jks");
// truststore file password (password when the TrustStore file is generated)
props.put("ssl.truststore.password", "XXXXX");
- Change the values of security.protocol in producer.properties and consumer.properties in the src/main/resources directory of the client sample project as required, and change the value of bootstrap.servers in the producer.properties file so that the security.protocol type matches the port ID in bootstrap.servers.
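Both procedures above depend on security.protocol agreeing with the broker port. The following pre-flight check for a client properties file is an added example, not part of the original documentation or the vendor's tooling. The function names, hostnames and sample file are constructed; the expected port is supplied by the caller (21009 is the default SASL_SSL port given above).

```shell
# Added example. Checks that a Kafka client properties file requests
# SSL or SASL_SSL and that every bootstrap.servers entry uses the port
# the caller expects for that protocol.

# prop KEY FILE -> last uncommented value of KEY ('=' or ':' separator)
prop() {
  key=$(printf '%s' "$1" | sed 's/\./\\./g')
  sed -n "s/^[[:space:]]*$key[[:space:]]*[=:][[:space:]]*//p" "$2" |
    tail -n 1 | tr -d '\r' | sed 's/[[:space:]]*$//'
}

# check_kafka_ssl_config FILE PORT -> 0 ok, 1 mismatch, 2 unreadable file
check_kafka_ssl_config() (
  file=$1 want=$2
  [ -r "$file" ] || { echo "$file: cannot read" >&2; exit 2; }
  proto=$(prop security.protocol "$file")
  case $proto in
    SSL|SASL_SSL) ;;
    *) echo "$file: security.protocol='$proto', expected SSL or SASL_SSL" >&2
       exit 1 ;;
  esac
  rc=0
  set -f; IFS=', '          # split the broker list without globbing
  for server in $(prop bootstrap.servers "$file"); do
    if [ "${server##*:}" != "$want" ]; then
      echo "$file: $server does not use port $want ($proto)" >&2
      rc=1
    fi
  done
  exit $rc
)

# Constructed sample: the hostnames are placeholders, 21009 is the
# default SASL_SSL port from the text above.
demo=$(mktemp -d)
cat > "$demo/producer.properties" <<'EOF'
# constructed sample
security.protocol = SASL_SSL
bootstrap.servers = broker1.example:21009, broker2.example:21009
EOF
if check_kafka_ssl_config "$demo/producer.properties" 21009; then
  echo "producer.properties: protocol and port agree"
fi
rm -rf "$demo"
```

A file without bootstrap.servers (for example when the broker is given on the command line) is checked for the protocol only.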