You can use SSL to encrypt the communication between the Apache Kafka broker and client
applications. You can also use SSL with SASL for authentication.
Before you begin
To enable data communication to take place in a secure fashion, you must create a key store and a
trust store, and then configure them on the Kafka server and clients. For more information, see
Creating SSL artifacts.
Procedure
- Enable SSL in the Kafka brokers by completing the steps documented in Securing Apache Kafka client communications.
- Log in to the WebSphere® Application Server Integrated Solutions Console (admin console), select a relevant resource environment entry (such as kafkaSAMResourceReference), then navigate to Custom properties.
- Add or update the following custom properties on the resource environment entries:

| Property name | Value |
| --- | --- |
| security.protocol | SSL |
| ssl.truststore.location | The SSL trust store path. This should be the same path as found in the server.properties file. |
| ssl.truststore.password | The SSL trust store password. This should be the same password as found in the server.properties file. |
| enableSSLMessaging | true |
| ssl.keystore.password | The SSL key store password. This should be the same password as found in the server.properties file. |
| ssl.key.password | The SSL key password. This should be the same password as found in the server.properties file. |
| ssl.keystore.location | The SSL key store path. This should be the same path as found in the server.properties file. |
| sasl.mechanism | ssl |
| bootstrap.servers | <hostname>:<kafka_server_ssl_port> |

If your Kafka broker implementation uses SASL communication, then add or update the following additional resource environment entries:

| Property name | Value |
| --- | --- |
| security.protocol | SASL_SSL |
| sasl.mechanism | PLAIN |
- Restart the InfoSphere® MDM application server.
Results
After completing these changes, you can send messages to Apache Kafka topics in InfoSphere MDM with SSL/SASL enabled.
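
The following is an added example, not part of the IBM documentation or product: a pre-restart check that compares the custom properties from the procedure against the broker's server.properties and confirms that bootstrap.servers points at a TLS listener. The function names and sample values are constructed for illustration; it assumes simple `key=value` lines and that the broker's `listeners` entries are named after their security protocol.

```python
# Properties the procedure says must match the broker's server.properties.
MUST_MATCH = (
    "ssl.truststore.location", "ssl.truststore.password",
    "ssl.keystore.location", "ssl.keystore.password", "ssl.key.password",
)

def parse_properties(text):
    """Parse simple key=value lines; '#' and '!' start comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def listener_ports(server):
    """Map each broker listener port to its listener name, e.g. {'9093': 'SSL'}."""
    ports = {}
    for entry in server.get("listeners", "").split(","):
        name, sep, addr = entry.strip().partition("://")
        if sep:
            ports[addr.rpartition(":")[2]] = name.upper()
    return ports

def check_client(client, server):
    """Return findings; values are never echoed, so passwords stay out of logs."""
    findings = []
    proto = client.get("security.protocol")
    if proto not in ("SSL", "SASL_SSL"):
        findings.append("security.protocol must be SSL or SASL_SSL")
    elif proto == "SASL_SSL" and client.get("sasl.mechanism") != "PLAIN":
        findings.append("sasl.mechanism must be PLAIN with SASL_SSL")
    if client.get("enableSSLMessaging") != "true":
        findings.append("enableSSLMessaging must be true")
    for key in MUST_MATCH:
        if client.get(key) is None or client.get(key) != server.get(key):
            findings.append(f"{key} missing or differs from server.properties")
    ports = listener_ports(server)
    for target in client.get("bootstrap.servers", "").split(","):
        port = target.strip().rpartition(":")[2]
        if ports.get(port) != proto:
            findings.append(f"bootstrap.servers port {port} is not a {proto} listener")
    return findings

# Constructed sample data, not taken from a real deployment.
SAMPLE_SERVER = parse_properties("""# constructed server.properties excerpt
listeners=PLAINTEXT://:9092,SSL://:9093
ssl.truststore.location=/opt/kafka/ssl/kafka.truststore.jks
ssl.truststore.password=example-ts-pass
ssl.keystore.location=/opt/kafka/ssl/kafka.keystore.jks
ssl.keystore.password=example-ks-pass
ssl.key.password=example-key-pass
""")
SAMPLE_CLIENT = {**{k: SAMPLE_SERVER[k] for k in MUST_MATCH}, "security.protocol": "SSL",
                 "enableSSLMessaging": "true", "bootstrap.servers": "kafka1.example.com:9093"}
```

An empty result from `check_client(SAMPLE_CLIENT, SAMPLE_SERVER)` means the entries are consistent with the broker; a finding about the bootstrap port usually means the client is still pointed at the plaintext listener.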