Use the keytool command to create a trust store with the CA chain used in your certificates. I am using Venafi, so I need to import two CA public keys:<\/p>\n\n\n
\nkeytool -keystore kafka.truststore.jks -alias SectigoRoot -import -file "Sectigo RSA Organization Validation Secure Server CA.crt"\nkeytool -keystore kafka.truststore.jks -alias UserTrustRoot -import -file "USERTrust RSA Certification Authority.crt"\n<\/pre><\/div>\n\n\nUpdate the Client Configuration<\/h2>\n\n\n\n
Create a producer-ssl.properties or consumer-ssl.properties based on your current producer\/consumer properties file. Update the port \u2013 9095 is used for SSL\u00a0\u2013 and append the following lines<\/p>\n\n\n
\nsecurity.protocol=SSLssl.truststore.location=\/path\/to\/kafka.truststore.jks\nssl.truststore.password=<WhateverYouSetInThePreviousStep>\n<\/pre><\/div>\n\n\nUsing the CLI Client Tools<\/h2>\n\n\n\n
Once you have a property configured properties file, you can invoke either the kafka-console-consumer.sh or kafka-console-producer.sh scripts indicating your new properties file:<\/p>\n\n\n
\n\/kafka\/bin\/kafka-console-consumer.sh --bootstrap-server kafka1586.example.net:9095 --topic LJRTest --consumer.config \/kafka\/config\/consumer-ssl.properties --group LJR5\n\n\/kafka\/bin\/kafka-console-producer.sh --bootstrap-server kafka1586.example.net:9095 --topic LJRTest --producer.config \/kafka\/config\/producer-ssl.properties\n<\/pre><\/div>\n\n\nTo debug SSL communication, set the following KAFKA_OPTS prior to invoking the command line producer\/consumer utilities:<\/p>\n\n\n
\nexport KAFKA_OPTS="-Djavax.net.debug=ssl,handshake"\n<\/pre><\/div>","protected":false},"excerpt":{"rendered":"Update the Client Configuration Use the keytool command to create a trust store with the CA chain used in your certificates. I am using Venafi, so I need to import two CA public keys: Update the Client Configuration Create a producer-ssl.properties or consumer-ssl.properties based on your current producer\/consumer properties file. Update the port \u2013 9095 …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1762],"tags":[1361],"class_list":["post-10812","post","type-post","status-publish","format-standard","hentry","category-kafka","tag-kafka"],"_links":{"self":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/10812","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=10812"}],"version-history":[{"count":1,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/10812\/revisions"}],"predecessor-version":[{"id":10813,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=\/wp\/v2\/posts\/10812\/revisions\/10813"}],"wp:attachment":[{"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=10812"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=10812"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.rushworth.us\/lisa\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=10812"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}