Enables two-way SSL (mutually authenticated TLS) communication on Kafka.
Note that Kafka only supports two-way SSL with a SINGLE ROOT CA.
Port 9094 is the two-way SSL listener: client-authenticated and encrypted.
- openssl
- keytool
- docker
- docker-compose
Add the following entry to your /etc/hosts:
127.0.0.1 kafka.docker.ssl
Generate the required certificates and keystores:
./generate-docker-kafka-ssl-certs.sh
Run Kafka and Zookeeper:
docker-compose up
Verify the SSL connection:
openssl s_client -debug -connect kafka.docker.ssl:9094 -tls1
In the output of this command you should see the server's certificate, for example:
-----BEGIN CERTIFICATE-----
{variable sized random bytes}
-----END CERTIFICATE-----
subject=/C=US/ST=CA/L=Santa Clara/O=org/OU=org/CN=Sriharsha Chintalapani
issuer=/C=US/ST=CA/L=Santa Clara/O=org/OU=org/CN=kafka/emailAddress=test@test.com
Pick the client of your choice:
cd clients/local
./local_producer.sh
cd clients/docker
./producer.sh
cd clients/node
npm i
node index.js
ssl.truststore.location=/var/private/ssl/kafka.server.truststore.jks
ssl.truststore.password=kafkadocker
ssl.keystore.location=/var/private/ssl/kafka.server.keystore.jks
ssl.keystore.password=kafkadocker
ssl.key.password=kafkadocker
ssl.client.auth=required
security.protocol=SSL
ssl.truststore.location=/certs/docker.kafka.client.truststore.jks
ssl.truststore.password=kafkadocker
ssl.keystore.location=/certs/docker.kafka.client.keystore.jks
ssl.keystore.password=kafkadocker
ssl.key.password=kafkadocker
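As an added example (not part of this repository), the following script audits broker and client property sets like the two above for the settings that make two-way SSL actually hold: `ssl.client.auth=required` on the broker, `security.protocol=SSL` plus a keystore on the client, hostname verification left enabled (the `ssl.endpoint.identification.algorithm` key is a standard Kafka setting not shown on this page), and the demo password `kafkadocker` still in use. The sample property strings are constructed from this page's configuration.

```python
"""Audit Kafka SSL properties for a two-way SSL (mutual TLS) setup."""

# Constructed sample inputs, copied from the broker and client
# properties shown on this page (demo paths and passwords).
BROKER_PROPS = """\
ssl.truststore.location=/var/private/ssl/kafka.server.truststore.jks
ssl.truststore.password=kafkadocker
ssl.keystore.location=/var/private/ssl/kafka.server.keystore.jks
ssl.keystore.password=kafkadocker
ssl.key.password=kafkadocker
ssl.client.auth=required
"""

CLIENT_PROPS = """\
security.protocol=SSL
ssl.truststore.location=/certs/docker.kafka.client.truststore.jks
ssl.truststore.password=kafkadocker
ssl.keystore.location=/certs/docker.kafka.client.keystore.jks
ssl.keystore.password=kafkadocker
ssl.key.password=kafkadocker
"""


def parse_properties(text):
    """Minimal Java .properties parser: key=value lines, '#'/'!' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props


def audit(props, role):
    """Return findings for a 'broker' or 'client' property set."""
    findings = []
    if role == "broker" and props.get("ssl.client.auth") != "required":
        findings.append("ssl.client.auth must be 'required' for two-way SSL")
    if role == "client" and props.get("security.protocol") != "SSL":
        findings.append("security.protocol must be SSL for the 9094 listener")
    if "ssl.truststore.location" not in props:
        findings.append("no truststore: peer certificate cannot be verified")
    if "ssl.keystore.location" not in props:
        findings.append("no keystore: cannot present a certificate to the peer")
    # An empty value disables hostname verification (default is https since Kafka 2.0).
    if props.get("ssl.endpoint.identification.algorithm", "https") == "":
        findings.append("hostname verification disabled")
    if any(v == "kafkadocker" for k, v in props.items() if k.endswith(".password")):
        findings.append("demo password 'kafkadocker' in use")
    return findings
```

Run `audit(parse_properties(open(path).read()), "client")` against a real properties file; an empty list means the two-way SSL settings on this page are all present and nothing weaker has crept in.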