Follow these steps to configure SSL for Apache Kafka. These steps must be performed on the computer where IBM® Streams and WebSphere® Application Server are installed.
Procedure
- On the computer where Apache Kafka is installed, log on as the root user.
- Add the signed certificate that you created in Securing data in motion for Apache Kafka to the truststore.
keytool -import -file ca-cert -keystore SIKafkaClientSSLTruststore.jks -alias CARoot
The truststore is automatically created.
- When prompted, enter the password that you used.
- Create a key and a keystore for each Kafka producer or consumer client.
keytool -genkey -alias SIKafkaClientSSL -validity 365 -keystore SIKafkaClientSSLKeystore.jks -dname "CN=si.ibm.com,O=IBM,OU=IBMAnalytics,L=IN,ST=ON,C=CA" -keypass YourKeyPassword
- When prompted, enter a password for the key.
- Export the client certificate from the keystore. The certificate must be imported into the Apache Kafka server. This certificate can be self-signed.
keytool -export -file SIKafkaClientCert.arm -alias SIKafkaClientSSL -keystore SIKafkaClientSSLKeystore.jks
- When prompted, enter the password that you used.
- Import the client certificate to the truststore for the Apache Kafka broker (server).
keytool -import -keystore SIKafkaServerSSLTruststore.jks -alias SIKafkaClientCert1 -file SIKafkaClientCert.arm
- Create a file that is named producer.properties in the /home/streamsadmin directory.
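
A check for the keystore and truststore steps above, added here as an example and not part of the IBM procedure: it confirms that each store holds the expected alias with the expected entry type (a trusted certificate in the truststores, a private key in the client keystore). The STOREPASS environment variable, the script name verify-stores.sh and the --run switch are assumptions, and the sample listing is constructed.

```shell
#!/bin/sh
# Added example (not IBM's code): confirm each store from the procedure holds
# the expected alias with the expected entry type.

# has_entry ALIAS TYPE: reads `keytool -list` output on stdin; succeeds only if
# ALIAS is listed with entry type TYPE. JKS aliases are case-insensitive and
# are listed in lower case, so the comparison is lower-cased.
has_entry() {
    awk -F', ' -v a="$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" -v t="$2" '
        tolower($1) == a {
            for (i = 2; i <= NF; i++) {
                f = $i; sub(/,?[ \t]*$/, "", f)
                if (f == t) found = 1
            }
        }
        END { exit !found }'
}

# verify_store FILE ALIAS TYPE: lists FILE with keytool and checks the entry.
# The store password is read from the STOREPASS environment variable
# (assumed name) so that it does not appear in the process list.
# -J-Duser.language=en asks the JVM for English output.
verify_store() {
    keytool -J-Duser.language=en -list -keystore "$1" -storepass:env STOREPASS |
        has_entry "$2" "$3"
}

# Constructed sample of a keytool listing, used for an offline self-check.
SAMPLE_LISTING='Keystore type: JKS
Your keystore contains 1 entry

sikafkaclientssl, Jan 1, 2024, PrivateKeyEntry,
Certificate fingerprint (SHA-256): (constructed placeholder)'

# Run the real checks only when asked: sh verify-stores.sh --run
if [ "${1:-}" = "--run" ]; then
    verify_store SIKafkaClientSSLTruststore.jks CARoot trustedCertEntry &&
    verify_store SIKafkaClientSSLKeystore.jks SIKafkaClientSSL PrivateKeyEntry &&
    verify_store SIKafkaServerSSLTruststore.jks SIKafkaClientCert1 trustedCertEntry &&
    echo "all stores contain the expected entries"
fi
```

A client keystore that lists SIKafkaClientSSL as trustedCertEntry instead of PrivateKeyEntry holds only the certificate and cannot be used to authenticate the client.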