Updated on 2025-02-14 GMT+08:00

Obtaining and Using An SSL Kafka Certificate in PEM Format

This section describes how to obtain an SSL certificate in PEM format and use it to access a Kafka instance.

Prerequisite

SASL_SSL has been enabled for the Kafka instance.

Obtaining a PEM SSL Certificate

  1. Log in to the console.
  2. Click in the upper left corner to select the region where your instance is located.
  3. Click and choose Middleware > Distributed Message Service (for Kafka) to open the console of DMS for Kafka.
  4. In the navigation pane, choose Kafka Instances.
  5. Click the desired instance to go to the instance details page.
  6. Click Download next to Connection > SSL Certificate.
  7. Decompress the Zip package to obtain the PEM SSL certificate client.pem.

Accessing a Kafka Instance Using a PEM Certificate

The following section demonstrates how to access a Kafka instance using a PEM certificate on a Java client.

Access a Kafka instance to produce and consume messages by referring to Configuring Kafka Clients in Java. Modify the SASL settings in the message production and consumption configuration files as follows:

# If the SASL mechanism is PLAIN, configure as follows:
sasl.mechanism=PLAIN
sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required \
username="username" \
password="password";

# If the SASL mechanism is SCRAM-SHA-512, configure as follows:
sasl.mechanism=SCRAM-SHA-512
sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required \
username="username" \
password="password";

# Set the Kafka security protocol.
security.protocol=SASL_SSL
# ssl.truststore.location is the path for storing the SSL certificate. The following code uses the path format in Windows as an example. Change the path format based on the actual running environment.
ssl.truststore.location=E:\\temp\\client.pem
# ssl.truststore.password is the server certificate password. To access a Kafka instance using a PEM certificate, skip this parameter.
#ssl.truststore.password=dms@kafka
# ssl.endpoint.identification.algorithm controls whether the client verifies the domain name in the server certificate. This parameter must be left blank, which disables domain name verification.
ssl.endpoint.identification.algorithm=
# Add the ssl.truststore.type parameter to set the client certificate type to PEM.
ssl.truststore.type=PEM
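
A pre-flight check for the client properties above, as an added example that is not part of the original documentation: it parses the file (including the backslash-continued sasl.jaas.config value) and reports settings that contradict this page, such as both mechanism lines being left in or a login module that does not match sasl.mechanism. The function names and the sample input are constructed for illustration.

```python
# Constructed sample: the page's listing pasted with both mechanism lines kept
# and ssl.truststore.type forgotten.
SAMPLE = r'''
sasl.mechanism=PLAIN
sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required \
username="username" \
password="password";
sasl.mechanism=SCRAM-SHA-512
security.protocol=SASL_SSL
ssl.truststore.location=E:\\temp\\client.pem
ssl.endpoint.identification.algorithm=
'''
# Login module that each mechanism on this page is paired with.
LOGIN_MODULE = {"PLAIN": "PlainLoginModule", "SCRAM-SHA-512": "ScramLoginModule"}

def parse_properties(text):
    """Return (props, duplicate_keys); joins backslash-continued lines."""
    props, dups, pending = {}, [], ""
    for raw in text.splitlines() + [""]:   # sentinel flushes a trailing continuation
        line = raw.strip()
        if not pending and (not line or line.startswith("#")):
            continue
        line, pending = pending + line, ""
        if (len(line) - len(line.rstrip("\\"))) % 2 == 1:  # odd count = continuation
            pending = line[:-1]
            continue
        key, _, value = line.partition("=")
        if key.strip() in props:
            dups.append(key.strip())
        props[key.strip()] = value.strip()  # last value wins, as in java.util.Properties
    return props, dups

def lint(text):
    """Return a list of findings where the properties deviate from this page."""
    props, dups = parse_properties(text)
    issues = [f"duplicate key {k}: only the last value is used" for k in dups]
    if props.get("security.protocol") != "SASL_SSL":
        issues.append("security.protocol must be SASL_SSL")
    if props.get("ssl.truststore.type") != "PEM":
        issues.append("ssl.truststore.type must be PEM for client.pem")
    if "ssl.truststore.password" in props:
        issues.append("skip ssl.truststore.password when using a PEM certificate")
    if props.get("ssl.endpoint.identification.algorithm") != "":
        issues.append("ssl.endpoint.identification.algorithm must be present and blank")
    mech = props.get("sasl.mechanism")
    module = LOGIN_MODULE.get(mech)
    if module is None:
        issues.append(f"unexpected sasl.mechanism {mech!r}")
    elif module not in props.get("sasl.jaas.config", ""):
        issues.append(f"sasl.mechanism={mech} needs {module} in sasl.jaas.config")
    return issues
```

Calling `lint(SAMPLE)` returns three findings: the duplicated sasl.mechanism key, the missing ssl.truststore.type, and the SCRAM-SHA-512 mechanism paired with PlainLoginModule.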