Posted to users@kafka.apache.org by karan alang <ka...@gmail.com> on 2017/09/05 21:41:14 UTC
Kafka SSL - console-consumer on node5 not receiving messages from producer on node4
Hi All -
I have Kafka 0.10. I've enabled SSL (non-Kerberized) for the Kafka broker on
Node 4, and *I'm able to produce/consume messages using console-producer &
console-consumer from Node 4.*
However, I'm having issues enabling the SSL connection between Node 4 & Node 5;
when I try to consume messages from Node5 (using console-consumer), I'm facing
issues.
Here are the steps -
On node4: started console-producer, publishing on SSL port (9192)
    $CONFLUENT/bin/kafka-console-producer --broker-list node4:9192 \
        --topic ssl --producer.config client-ssl.properties
Started console-consumer on node4, consuming messages from console-producer
(port 9192)
    $CONFLUENT/bin/kafka-console-consumer --bootstrap-server node4:9192 \
        --topic ssl --new-consumer --consumer.config client-ssl.properties
Contents of client-ssl.properties:
    security.protocol=SSL
    ssl.truststore.location=/usr/hdp/2.5.3.0-37/confluent-3.2.2/kafkaSSL/kafka.client.truststore.jks
    ssl.truststore.password=<passwd>
    ssl.keystore.location=/usr/hdp/2.5.3.0-37/confluent-3.2.2/kafkaSSL/kafka.client.keystore.jks
    ssl.keystore.password=<passwd>
    ssl.key.password=<passwd>
*This is working fine, and the consumer is able to consume messages produced
by the producer.*
On Node5, I have another Kafka instance. I start another console-consumer
from Node5, for consuming the data from the console-producer on node4.
*To enable SSL (between client on Node5 & Broker on Node4),*
Steps on Node 4 ->
1) Create kafka.client05.keystore.jks (*set the CN -> Node5*)
    keytool -keystore kafka.client05.keystore.jks -alias localhost \
        -validity 365 -genkey
- Export certificate from keystore
    keytool -keystore kafka.client05.keystore.jks -alias localhost \
        -certreq -file cert05-file
- Get certificate signed by CA
    openssl x509 -req -CA ca-cert -CAkey ca-key -in cert05-file \
        -out cert05-signed -days 365 -CAcreateserial -passin pass:<passwd>
- Import the CA Certificate & Signed certificate into the keystore
    keytool -keystore kafka.client05.keystore.jks -alias CARoot \
        -import -file ca-cert
    keytool -keystore kafka.client05.keystore.jks -alias localhost \
        -import -file cert05-signed
Add the generated CA to the client's truststore
    keytool -keystore kafka.client05.truststore.jks -alias CARoot \
        -import -file ca-cert
On Node5, I do the same steps above, and start the console-consumer (to read
data produced by the console-producer on node4)
    $CONFLUENT1/bin/kafka-console-consumer --bootstrap-server node4:9192 \
        --topic ssl --new-consumer --consumer.config client-ssl.properties
This is not working. What do I need to make this work?
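
A check that applies to the CA-signing procedure above, as an added example that is not part of the original post: a certificate validates only against the CA that signed it, so a truststore built from a different, newly generated ca-cert does not accept the broker's certificate. The CA names (ca-node4, ca-node5), subjects and temporary files are constructed for illustration; the post does not say which ca-cert was used on Node5.

```shell
#!/bin/sh
# Constructed demo: every name, subject and file below is made up for illustration.
# Requires the openssl CLI; all files live in a throwaway temp directory.

# make_ca DIR NAME: create a self-signed CA as DIR/NAME-cert and DIR/NAME-key.
make_ca() {
  openssl req -new -x509 -nodes -newkey rsa:2048 -days 1 \
    -subj "/CN=$2" -keyout "$1/$2-key" -out "$1/$2-cert" 2>/dev/null
}

# sign_for_host DIR CA HOST: generate a key and CSR for HOST and sign it with CA
# (same "openssl x509 -req -CA ... -CAkey ..." step as in the post).
sign_for_host() {
  openssl req -new -nodes -newkey rsa:2048 -subj "/CN=$3" \
    -keyout "$1/$3-key" -out "$1/$3-csr" 2>/dev/null &&
  openssl x509 -req -CA "$1/$2-cert" -CAkey "$1/$2-key" -CAcreateserial \
    -in "$1/$3-csr" -out "$1/$3-signed" -days 1 2>/dev/null
}

# chain_ok CA_CERT CERT: succeeds only if CERT chains to CA_CERT.
chain_ok() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# demo: sign a broker certificate with one CA, then validate it against that CA
# and against a second, unrelated CA. Prints the two results.
demo() {
  local d r1 r2
  d=$(mktemp -d) || return 1
  r1=fail; r2=fail
  make_ca "$d" ca-node4 && make_ca "$d" ca-node5 &&
    sign_for_host "$d" ca-node4 node4 || { rm -rf "$d"; return 1; }
  chain_ok "$d/ca-node4-cert" "$d/node4-signed" && r1=ok
  chain_ok "$d/ca-node5-cert" "$d/node4-signed" && r2=ok
  rm -rf "$d"
  echo "$r1 $r2"
}

demo   # prints: ok fail
```

On real hosts, the same comparison can be made by listing both stores with `keytool -list -v -keystore <file>` and checking that the CARoot fingerprint in the client truststore matches the issuer of the broker's certificate.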