You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@kafka.apache.org by Namita Jaokar <ja...@gmail.com> on 2022/10/03 11:56:23 UTC

Apache Kafka: Encryption and Authentication

Hi All,

I am trying to implement encryption and authentication using SSL with my
kafka broker.

 I am able to successfully generate trustore and cecert and cakey files.

But while proceeding with the signing of the certificate with CA I'm unable
to get through the parameters.
Below is the command for signing certificate

openssl ca -config openssl-ca.cnf -policy signing_policy -extensions
signing_req -out *{server certificate}* -infiles *{certificate signing
request}*

{server certificate} I assume is the server.trustore.jks file. But not sure
what the value for {certificate signing request} should be. Can someone
please guide me through this?

In the last step , We need to import self signed certificates and CA cert
into  keystore. Below are the commands provided in the documentation.

keytool -keystore {keystore} -alias CARoot -import -file {CA certificate} I
assume {CA certificate} *value would be the cacert.pem that is generated in
the steps prior and {keystore} would be server.keystore.jks*
keytool -keystore {keystore} -alias localhost -import -file cert-signed. *What
is cert-signed in this case?*

Can someone please help me with the above steps.

Thanks & Regards,
Namita