Enabling SSL on Kafka to secure MDM notifications
You can use SSL to encrypt the communication between the Apache Kafka broker and client applications. You can also use SSL with SASL for authentication.
Before you begin
To secure data communication, you must create a key store and a trust store, and then configure them on the Kafka server and clients. For more information, see Creating SSL artifacts.
- Enable SSL in the Kafka brokers by completing the steps documented in Securing Apache Kafka client communications.
- Log in to the WebSphere® Application Server Integrated Solutions Console (admin console), select a relevant resource environment entry (such as kafkaSAMResourceReference), then navigate to Custom properties.
- Add or update the following custom properties on the resource environment:

| Property name | Value |
| --- | --- |
| | The SSL trust store path. This should be the same path as found in the server.properties file. |
| | The SSL trust store password. This should be the same password as found in the server.properties file. |
| | The SSL key store password. This should be the same password as found in the server.properties file. |
| | The SSL key password. This should be the same password as found in the server.properties file. |
| | The SSL key store path. This should be the same path as found in the server.properties file. |
| | `<hostname>:<kafka_server_ssl_port>` |

If your Kafka broker implementation uses SASL communication, then add or update the following additional resource environment entries:

| Property name | Value |
| --- | --- |
- Restart the InfoSphere® MDM application server.
After completing these changes, you can send messages to Apache Kafka topics in InfoSphere MDM with SSL/SASL enabled.
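
A pre-check for the "same as found in the server.properties file" requirement above, added here as an example and not taken from the product documentation: it reads a broker's server.properties, collects the five SSL values and the `<hostname>:<kafka_server_ssl_port>` endpoint to enter in the console, masks passwords in the report, and flags anything missing. The `ssl.*` and `listeners` keys are standard Apache Kafka broker settings; the sample file contents, the function names, and the default listener names SSL and SASL_SSL are assumptions.

```python
import re

# Kafka broker settings whose values the console properties must match.
SSL_KEYS = ("ssl.truststore.location", "ssl.truststore.password",
            "ssl.keystore.location", "ssl.keystore.password", "ssl.key.password")

# Constructed sample, not a real broker file; ssl.key.password is left out on purpose.
SAMPLE = """\
listeners=PLAINTEXT://:9092,SSL://kafka1.example.com:9093
ssl.truststore.location=/opt/kafka/ssl/kafka.server.truststore.jks
ssl.truststore.password = changeit-ts
ssl.keystore.location=/opt/kafka/ssl/kafka.server.keystore.jks
ssl.keystore.password=changeit-ks
"""

def parse_properties(text):
    """Parse .properties text: key=value or key:value, '#'/'!' comments, no continuations."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"([^=:\s]+)\s*[=:]?\s*(.*)", line)
        if m and line[0] not in "#!":
            props[m.group(1)] = m.group(2)
    return props

def ssl_endpoint(props):
    """Return host:port of the first SSL or SASL_SSL listener, or None if there is none."""
    listeners = props.get("advertised.listeners") or props.get("listeners", "")
    for entry in listeners.split(","):
        m = re.match(r"\s*(SSL|SASL_SSL)://(.*):(\d+)\s*$", entry)
        if m:  # an empty host means "all interfaces": the admin must supply the name
            return f"{m.group(2) or '<hostname>'}:{m.group(3)}"
    return None

def console_values(text):
    """Return (values with passwords masked, endpoint, list of missing settings)."""
    props = parse_properties(text)
    values, missing = {}, [k for k in SSL_KEYS if not props.get(k)]
    for key in SSL_KEYS:
        if props.get(key):
            values[key] = "********" if key.endswith(".password") else props[key]
    endpoint = ssl_endpoint(props)
    if endpoint is None:
        missing.append("SSL listener")
    return values, endpoint, missing

if __name__ == "__main__":
    values, endpoint, missing = console_values(SAMPLE)
    for key, value in values.items():
        print(f"{key} = {value}")
    print("broker endpoint:", endpoint)
    print("missing:", missing)
```

Because passwords are masked, the report can be attached to a change ticket without exposing the key store or trust store secrets.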