
Kafka Connect SqlServer Configuration (SSL)


I have a JdbcSourceConnector connector that tries to connect to a SQL Server database using the following config in the URL, "encrypt=false;trustServerCertificate=false;", because it's an old version and it's required to connect.

I realized that this only works by executing update-crypto-policies --set LEGACY in my Docker container shell, but now that I have migrated to production with SSL all over the Kafka ecosystem, the above command affects security and doesn't allow connecting to or even seeing the brokers, instead of only affecting the connector or driver (this happens after the execution of the command; before that everything was working properly).

I'm just thinking about how to overcome these issues. Any advice? Maybe configuring the Java base image of my Docker container? All suggestions are welcome.

{
    "name": "ssqlsource",
    "config": {
        "connector.class": "io.confluent.connect.jdbc.JdbcSourceConnector",
        "tasks.max": "1",
        "connection.url": "jdbc:sqlserver://mydb:1433;databaseName=user;encrypt=false;trustServerCertificate=false;",
        "connection.user": "user",
        "connection.password": "password",
        "mode": "timestamp",
        "timestamp.column.name": "addDate",  
        "topic.prefix": "sn_user",
        "table.whitelist": "user.dbo.sn_user",
        "schema.history.internal.kafka.bootstrap.servers": "kafka:9092",
        "schema.history.internal.kafka.topic": "schema-changes.user",
        "transforms": "route",
        "transforms.route.type": "org.apache.kafka.connect.transforms.RegexRouter",
        "transforms.route.regex": "([^.]+)\\.([^.]+)\\.([^.]+)",
        "transforms.route.replacement": "$3"
    }
}

Regards, Rigoberto C.


Solution

  • The problem in production was that the certificates don't match the host used in my JdbcSourceConfig configuration. If they match, you will be able to use update-crypto-policies --set LEGACY

    Note: Don't forget to be careful with security; it's better to use a different approach to handle this situation instead of what I'm applying. Also set your logger level correctly, because mine was not properly configured and that was the reason why I didn't catch the error before.

    Regards,
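An added example, not part of the original question or answer: a pre-deployment check that parses the connector's connection.url and reports the host/certificate mismatch the answer describes, along with weak TLS properties. CERT_NAMES is a constructed sample standing in for the DNS names read from the server certificate; hostNameInCertificate is the Microsoft JDBC driver property that overrides the name checked.

```python
import json
import re

# Constructed sample: the question's connector config, cut to the checked field.
CONNECTOR_JSON = r"""
{"name": "ssqlsource",
 "config": {"connection.url":
   "jdbc:sqlserver://mydb:1433;databaseName=user;encrypt=false;trustServerCertificate=false;"}}
"""
# Constructed sample: DNS names (SANs) read from the server certificate.
CERT_NAMES = ["sqlprod01.corp.example", "*.db.corp.example"]

URL_RE = re.compile(r"^jdbc:sqlserver://([^;:\\]+)(?:\\[^;:]+)?(?::(\d+))?(?:;(.*))?$")

def parse_sqlserver_url(url):
    """Return (host, port, props); property names are lower-cased."""
    m = URL_RE.match(url)
    if not m:
        raise ValueError("not a jdbc:sqlserver URL: " + url)
    props = {}
    for pair in filter(None, (m.group(3) or "").split(";")):
        key, _, value = pair.partition("=")
        props[key.strip().lower()] = value.strip()
    return m.group(1), int(m.group(2) or 1433), props

def hostname_matches(host, pattern):
    """Case-insensitive match; '*' may stand for the left-most label only."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if not pattern.startswith("*."):
        return host == pattern
    head, _, rest = host.partition(".")
    return bool(head) and rest == pattern[2:]

def audit(connector, cert_names):
    """Return a list of findings for the connector's connection.url."""
    host, _port, props = parse_sqlserver_url(connector["config"]["connection.url"])
    # hostNameInCertificate is the driver property that overrides the name checked.
    expected = props.get("hostnameincertificate", host)
    findings = []
    if props.get("encrypt", "").lower() == "false":
        findings.append("encrypt=false: URL does not request an encrypted session")
    if props.get("trustservercertificate", "").lower() == "true":
        findings.append("trustServerCertificate=true: certificate is not validated")
    if not any(hostname_matches(expected, n) for n in cert_names):
        findings.append(f"name '{expected}' is not covered by certificate names {cert_names}")
    return findings

if __name__ == "__main__":
    for finding in audit(json.loads(CONNECTOR_JSON), CERT_NAMES):
        print("FINDING:", finding)
```

Running it on the question's config reports two findings: the explicit encrypt=false and the host mydb not being covered by the sample certificate names.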