Communicating With Kafka Server Using SSL

Update the Client Configuration

Use the keytool command to create a trust store with the CA chain used in your certificates. I am using Venafi, so I need to import two CA public keys:

keytool -keystore kafka.truststore.jks -alias SectigoRoot -import -file "Sectigo RSA Organization Validation Secure Server CA.crt"
keytool -keystore kafka.truststore.jks -alias UserTrustRoot -import -file "USERTrust RSA Certification Authority.crt"

Update the Client Configuration

Create a or based on your current producer/consumer properties file. Update the port – 9095 is used for SSL – and append the following lines


Using the CLI Client Tools

Once you have a properly configured properties file, you can invoke either the or scripts, indicating your new properties file:

/kafka/bin/ --bootstrap-server --topic LJRTest --consumer.config /kafka/config/ --group LJR5

/kafka/bin/ --bootstrap-server --topic LJRTest --producer.config /kafka/config/

To debug SSL communication, set the following KAFKA_OPTS prior to invoking the command line producer/consumer utilities:

export KAFKA_OPTS=",handshake"
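
A pre-flight check for the client properties file described above, as an added example that is not part of the original post: it flags settings that would leave the connection unencrypted, unverified, or trusting a tamperable trust store. The property keys are standard Kafka client settings; the `prop` and `check_ssl_props` helpers and every file name in the demo are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint a Kafka client properties file before using it for SSL.
# Keys are standard Kafka client settings; all file names here are constructed.

# prop FILE KEY: print the last value assigned to KEY (nothing if unset).
prop() {
    key=$(printf '%s' "$2" | sed 's/\./\\./g')
    sed -n "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# check_ssl_props FILE: print findings; exit status is the number of problems.
check_ssl_props() {
    f=$1; problems=0
    fail() { echo "FAIL: $*"; problems=$((problems + 1)); }
    case "$(prop "$f" security.protocol)" in
        SSL|SASL_SSL) ;;
        *) fail "security.protocol is not SSL, connection would not use TLS" ;;
    esac
    ts=$(prop "$f" ssl.truststore.location)
    if [ -z "$ts" ]; then
        fail "ssl.truststore.location unset, JVM default trust store would be used"
    elif [ ! -f "$ts" ]; then
        fail "trust store $ts does not exist"
    elif [ -n "$(find "$ts" -perm -002)" ]; then
        fail "trust store $ts is world-writable, anyone could add a CA"
    fi
    # An explicitly empty value turns off broker hostname verification.
    if grep -Eq '^[[:space:]]*ssl\.endpoint\.identification\.algorithm[[:space:]]*=[[:space:]]*$' "$f"; then
        fail "ssl.endpoint.identification.algorithm is empty, hostname check disabled"
    fi
    [ "$problems" -eq 0 ] && echo "OK: $f"
    return "$problems"
}

# Constructed demo input: one good and one weak properties file.
demo=$(mktemp -d)
: > "$demo/kafka.truststore.jks"; chmod 644 "$demo/kafka.truststore.jks"
printf 'security.protocol=SSL\nssl.truststore.location=%s\nssl.truststore.password=changeit\n' \
    "$demo/kafka.truststore.jks" > "$demo/good.properties"
printf 'security.protocol=PLAINTEXT\nssl.endpoint.identification.algorithm=\n' \
    > "$demo/weak.properties"
check_ssl_props "$demo/good.properties"
check_ssl_props "$demo/weak.properties" || echo "problems found: $?"
```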
