I am trying to set up TLS for a Kafka broker. I have followed the steps here and was able to set up Kafka with TLS. (In the log, I see an SSL entry for the configured port.)
Now I am facing an issue with connecting the producer/consumer.
I created a client keystore using the below command,
keytool -keystore client.keystore.jks -alias localhost -validity 365 -keyalg RSA -genkey
Added the CA cert to the keystore,
keytool -keystore client.keystore.jks -alias CARoot -import -file ca-cert
Ran the below command in the client, where the ca-cert is the certificate used on the server.
keytool -keystore client.truststore.jks -alias CARoot -import -file ca-cert
keytool -keystore client.keystore.jks -alias localhost -validity 365 -keyalg RSA -genkey
keytool -keystore client.keystore.jks -alias CARoot -import -file ca-cert
Added the below config in the producer.properties
ssl.truststore.location=path to client.truststore.jks
ssl.keystore.location=path to client.keystore.jks
Ran kafka-console-producer
kafka-console-producer.sh --broker-list --topic test --producer.config ../config/producer.properties
But I am getting the below error when running the util,
WARN Connection to node -1 terminated during authentication. This may indicate that authentication failed due to invalid credentials. (org.apache.kafka.clients.NetworkClient)
Suspecting that I am missing something in the client config. Any help would be greatly appreciated.
Are you trying with a client-side certificate? Rather, I would recommend trying without a client certificate. In that case you only need the below entries,
Read more about it here - http://kafka.apache.org/documentation/#security_configclients
For client authentication Kafka uses SASL. This part of the document covers it clearly - http://kafka.apache.org/documentation/#security_sasl
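Added example, not part of the question or the answer above: Kafka clients default to security.protocol=PLAINTEXT, so a properties file that sets only the two ssl.*.location keys shown in the question never starts a TLS handshake. The Python sketch below lints a client properties file for that and related TLS settings. The function names, paths and passwords are constructed for illustration; the property keys are real Kafka client settings.

```python
# Added example: lint Kafka client properties for TLS basics.
# Key names are real Kafka client settings; paths and passwords are constructed.

def parse_properties(text):
    """Parse simple key=value lines (comments allowed, no line continuations)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def lint_tls_client(props):
    """Return (key, problem) findings; an empty list means the basics are set."""
    findings = []
    protocol = props.get("security.protocol", "PLAINTEXT")  # client default
    if protocol not in ("SSL", "SASL_SSL"):
        findings.append(("security.protocol",
                         f"is {protocol}; ssl.* keys are unused, no TLS handshake"))
    if "ssl.truststore.location" not in props:
        findings.append(("ssl.truststore.location",
                         "unset; the JVM default trust store must know the CA"))
    elif not props.get("ssl.truststore.password"):
        findings.append(("ssl.truststore.password",
                         "unset; truststore integrity check is skipped"))
    if "ssl.keystore.location" in props and not props.get("ssl.keystore.password"):
        findings.append(("ssl.keystore.password",
                         "unset; required when a client keystore is configured"))
    if props.get("ssl.endpoint.identification.algorithm", "https") == "":
        findings.append(("ssl.endpoint.identification.algorithm",
                         "empty; broker hostname verification is disabled"))
    return findings

# Constructed sample mirroring the two keys shown in the question.
QUESTION_STYLE = """\
ssl.truststore.location=/path/to/client.truststore.jks
ssl.keystore.location=/path/to/client.keystore.jks
"""
# Constructed sample for one-way TLS (no client certificate).
ONE_WAY_TLS = """\
security.protocol=SSL
ssl.truststore.location=/path/to/client.truststore.jks
ssl.truststore.password=example-password
"""

if __name__ == "__main__":
    for name, text in (("question-style", QUESTION_STYLE), ("one-way TLS", ONE_WAY_TLS)):
        print(name, lint_tls_client(parse_properties(text)) or "ok")
```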