You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@kafka.apache.org by Ritesh Sinha <ku...@gmail.com> on 2015/12/09 15:17:21 UTC
Doubt regarding Encryption and Authentication using SSL
Hi,
I am following the kafka documentation to create encryption and
authentication while sending message to kafka by ssl
I got stuck at these commands
kafka-console-producer.sh --broker-list localhost:9093 --topic test
--producer.config *client-ssl.properties*
kafka-console-consumer.sh --bootstrap-server localhost:9093 --topic
test --new-consumer --consumer.config *client-ssl.properties*
*I*t is asking for *client-ssl.properties* for producer and consumer
config. I am not sure what these files are.I am able to follow these
steps :
Generate SSL key and certificate for each Kafka broker
Creating your own CA
<http://kafka.apache.org/documentation.html#security_ssl_ca>
Signing the certificate
Configuring Kafka Brokers
Can anyone help me in understanding what file does producer config needs
exactly?
Thanks in Advance
Re: Doubt regarding Encryption and Authentication using SSL
Posted by Ritesh Sinha <ku...@gmail.com>.
Solved it . Thanks
On Wed, Dec 9, 2015 at 10:39 PM, Ritesh Sinha <
kumarriteshranjansinha@gmail.com> wrote:
> Thanks Ben for your prompt reply.
>
> But when I am trying to start the producer it throws this error.
>
> org.apache.kafka.common.KafkaException: Failed to construct kafka producer
> at
> org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:321)
> at
> org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:181)
> at kafka.producer.NewShinyProducer.<init>(BaseProducer.scala:36)
> at kafka.tools.ConsoleProducer$.main(ConsoleProducer.scala:46)
> at kafka.tools.ConsoleProducer.main(ConsoleProducer.scala)
> Caused by: org.apache.kafka.common.KafkaException:
> org.apache.kafka.common.KafkaException: java.io.IOException: Keystore was
> tampered with, or password was incorrect
> at
> org.apache.kafka.common.network.SslChannelBuilder.configure(SslChannelBuilder.java:44)
> at
> org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:60)
> at
> org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:80)
> at
> org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:271)
> ... 4 more
> Caused by: org.apache.kafka.common.KafkaException: java.io.IOException:
> Keystore was tampered with, or password was incorrect
> at
> org.apache.kafka.common.security.ssl.SslFactory.configure(SslFactory.java:95)
> at
> org.apache.kafka.common.network.SslChannelBuilder.configure(SslChannelBuilder.java:41)
> ... 7 more
> Caused by: java.io.IOException: Keystore was tampered with, or password
> was incorrect
> at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772)
> at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
> at java.security.KeyStore.load(KeyStore.java:1226)
> at
> org.apache.kafka.common.security.ssl.SslFactory$SecurityStore.load(SslFactory.java:191)
> at
> org.apache.kafka.common.security.ssl.SslFactory$SecurityStore.access$000(SslFactory.java:175)
> at
> org.apache.kafka.common.security.ssl.SslFactory.createSSLContext(SslFactory.java:119)
> at
> org.apache.kafka.common.security.ssl.SslFactory.configure(SslFactory.java:93)
> ... 8 more
> Caused by: java.security.UnrecoverableKeyException: Password verification
> failed
> at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770)
> ... 14 more
>
>
> I tried recreating the keystore but still same issuse.
>
> On Wed, Dec 9, 2015 at 9:37 PM, Ben Stopford <be...@confluent.io> wrote:
>
>> Hi Ritesh
>>
>> You just need to create yourself a text file called client-ssl.properties
>> or similar in the directory your running from. In that file you put your
>> SSL client information. Something like this:
>>
>> security.protocol = SSL
>> ssl.truststore.location = "/var/private/ssl/kafka.client.truststore.jks"
>> ssl.truststore.password = "test1234"
>>
>> If you prefer you can pass these on the command line too with the
>> producer/consumer-property option too.
>>
>> There’s some documentation here <
>> http://docs.confluent.io/2.0.0/kafka/ssl.html#configuring-kafka-clients>
>> if you’d like more info.
>>
>> All the best
>>
>> Ben
>>
>>
>> > On 9 Dec 2015, at 14:17, Ritesh Sinha <ku...@gmail.com>
>> wrote:
>> >
>> > Hi,
>> >
>> >
>> > I am following the kafka documentation to create encryption and
>> > authentication while sending message to kafka by ssl
>> >
>> > I got stuck at these commands
>> >
>> > kafka-console-producer.sh --broker-list localhost:9093 --topic test
>> > --producer.config *client-ssl.properties*
>> >
>> > kafka-console-consumer.sh --bootstrap-server localhost:9093 --topic
>> > test --new-consumer --consumer.config *client-ssl.properties*
>> >
>> > *I*t is asking for *client-ssl.properties* for producer and consumer
>> > config. I am not sure what these files are.I am able to follow these
>> > steps :
>> >
>> > Generate SSL key and certificate for each Kafka broker
>> > Creating your own CA
>> > <http://kafka.apache.org/documentation.html#security_ssl_ca>
>> > Signing the certificate
>> > Configuring Kafka Brokers
>> >
>> > Can anyone help me in understanding what file does producer config needs
>> > exactly?
>> >
>> > Thanks in Advance
>>
>>
>
Re: Doubt regarding Encryption and Authentication using SSL
Posted by Ritesh Sinha <ku...@gmail.com>.
Thanks Ben for your prompt reply.
But when I am trying to start the producer it throws this error.
org.apache.kafka.common.KafkaException: Failed to construct kafka producer
at
org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:321)
at
org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:181)
at kafka.producer.NewShinyProducer.<init>(BaseProducer.scala:36)
at kafka.tools.ConsoleProducer$.main(ConsoleProducer.scala:46)
at kafka.tools.ConsoleProducer.main(ConsoleProducer.scala)
Caused by: org.apache.kafka.common.KafkaException:
org.apache.kafka.common.KafkaException: java.io.IOException: Keystore was
tampered with, or password was incorrect
at
org.apache.kafka.common.network.SslChannelBuilder.configure(SslChannelBuilder.java:44)
at
org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:60)
at
org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:80)
at
org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:271)
... 4 more
Caused by: org.apache.kafka.common.KafkaException: java.io.IOException:
Keystore was tampered with, or password was incorrect
at
org.apache.kafka.common.security.ssl.SslFactory.configure(SslFactory.java:95)
at
org.apache.kafka.common.network.SslChannelBuilder.configure(SslChannelBuilder.java:41)
... 7 more
Caused by: java.io.IOException: Keystore was tampered with, or password was
incorrect
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
at java.security.KeyStore.load(KeyStore.java:1226)
at
org.apache.kafka.common.security.ssl.SslFactory$SecurityStore.load(SslFactory.java:191)
at
org.apache.kafka.common.security.ssl.SslFactory$SecurityStore.access$000(SslFactory.java:175)
at
org.apache.kafka.common.security.ssl.SslFactory.createSSLContext(SslFactory.java:119)
at
org.apache.kafka.common.security.ssl.SslFactory.configure(SslFactory.java:93)
... 8 more
Caused by: java.security.UnrecoverableKeyException: Password verification
failed
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770)
... 14 more
I tried recreating the keystore but still same issuse.
On Wed, Dec 9, 2015 at 9:37 PM, Ben Stopford <be...@confluent.io> wrote:
> Hi Ritesh
>
> You just need to create yourself a text file called client-ssl.properties
> or similar in the directory your running from. In that file you put your
> SSL client information. Something like this:
>
> security.protocol = SSL
> ssl.truststore.location = "/var/private/ssl/kafka.client.truststore.jks"
> ssl.truststore.password = "test1234"
>
> If you prefer you can pass these on the command line too with the
> producer/consumer-property option too.
>
> There’s some documentation here <
> http://docs.confluent.io/2.0.0/kafka/ssl.html#configuring-kafka-clients>
> if you’d like more info.
>
> All the best
>
> Ben
>
>
> > On 9 Dec 2015, at 14:17, Ritesh Sinha <ku...@gmail.com>
> wrote:
> >
> > Hi,
> >
> >
> > I am following the kafka documentation to create encryption and
> > authentication while sending message to kafka by ssl
> >
> > I got stuck at these commands
> >
> > kafka-console-producer.sh --broker-list localhost:9093 --topic test
> > --producer.config *client-ssl.properties*
> >
> > kafka-console-consumer.sh --bootstrap-server localhost:9093 --topic
> > test --new-consumer --consumer.config *client-ssl.properties*
> >
> > *I*t is asking for *client-ssl.properties* for producer and consumer
> > config. I am not sure what these files are.I am able to follow these
> > steps :
> >
> > Generate SSL key and certificate for each Kafka broker
> > Creating your own CA
> > <http://kafka.apache.org/documentation.html#security_ssl_ca>
> > Signing the certificate
> > Configuring Kafka Brokers
> >
> > Can anyone help me in understanding what file does producer config needs
> > exactly?
> >
> > Thanks in Advance
>
>
Re: Doubt regarding Encryption and Authentication using SSL
Posted by Ben Stopford <be...@confluent.io>.
Hi Ritesh
You just need to create yourself a text file called client-ssl.properties or similar in the directory your running from. In that file you put your SSL client information. Something like this:
security.protocol = SSL
ssl.truststore.location = "/var/private/ssl/kafka.client.truststore.jks"
ssl.truststore.password = "test1234"
If you prefer you can pass these on the command line too with the producer/consumer-property option too.
There’s some documentation here <http://docs.confluent.io/2.0.0/kafka/ssl.html#configuring-kafka-clients> if you’d like more info.
All the best
Ben
> On 9 Dec 2015, at 14:17, Ritesh Sinha <ku...@gmail.com> wrote:
>
> Hi,
>
>
> I am following the kafka documentation to create encryption and
> authentication while sending message to kafka by ssl
>
> I got stuck at these commands
>
> kafka-console-producer.sh --broker-list localhost:9093 --topic test
> --producer.config *client-ssl.properties*
>
> kafka-console-consumer.sh --bootstrap-server localhost:9093 --topic
> test --new-consumer --consumer.config *client-ssl.properties*
>
> *I*t is asking for *client-ssl.properties* for producer and consumer
> config. I am not sure what these files are.I am able to follow these
> steps :
>
> Generate SSL key and certificate for each Kafka broker
> Creating your own CA
> <http://kafka.apache.org/documentation.html#security_ssl_ca>
> Signing the certificate
> Configuring Kafka Brokers
>
> Can anyone help me in understanding what file does producer config needs
> exactly?
>
> Thanks in Advance