Configuring Kafka to Use an SSL Security Certificate
Using SSL encryption, you can ensure that agents securely connect to the Kafka server.
You can configure the encryption using the server configuration file /etc/saymon/saymon-server.conf and the agent configuration file <agent installation folder>/conf/agent.properties.
In the server configuration file, use the Kafka section to set values for the following parameters:
- kafka.ssl - paths to key and certificate files in the following format:

    "kafka" : {
        ...
        "ssl": {
            "certFile": "/opt/kafka/for-saymon-server/cert.pem",
            "keyFile": "/opt/kafka/for-saymon-server/key.pem"
        },
        ...
    }
To apply the changes, you need to restart the saymon server service:
sudo service saymon-server restart
In the agent configuration file, you need to set values for the following parameters:
- server.secure - agent connection to Kafka server in TLS encryption mode:

    server.secure=true

- kafka.security.protocol - protocol used for communication with brokers:

    kafka.security.protocol=SSL
When using SSL certificates from public certification authorities:
- kafka.ssl.truststore.location - location of the truststore file.
- kafka.ssl.truststore.password - password for the truststore file. If the password is not specified, the truststore file will still be used, but without the integrity check.
When using self-signed SSL certificates:
- server.ca.certificate - the certificate value as PEM text.
- server.ca.location - path to the certificate file in PEM format.
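
A pre-deployment check for the agent settings listed above, as an added example that is not part of the SAYMON documentation or product. It flags an agent.properties file where TLS mode is off, the protocol is not SSL, the truststore password is missing (so the integrity check is skipped), or a referenced file does not exist. The sample file contents and paths are constructed, and the simple key=value parsing is an assumption about the file format.

```python
import os

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # or ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def lint_agent_tls(text, exists=os.path.isfile):
    """Return a list of findings; an empty list means no problem was detected."""
    p = parse_properties(text)
    findings = []
    if p.get("server.secure", "").lower() != "true":
        findings.append("server.secure is not true")
    if p.get("kafka.security.protocol", "") != "SSL":
        findings.append("kafka.security.protocol is not SSL")
    store = p.get("kafka.ssl.truststore.location")
    password = p.get("kafka.ssl.truststore.password")
    if store and not password:
        findings.append("kafka.ssl.truststore.password not set: "
                        "truststore integrity check is skipped")
    if password and not store:
        findings.append("kafka.ssl.truststore.password set without "
                        "kafka.ssl.truststore.location")
    # Paths named in the file must point at real files on the agent host.
    for key in ("kafka.ssl.truststore.location", "server.ca.location"):
        path = p.get(key)
        if path and not exists(path):
            findings.append(f"{key} points to a missing file: {path}")
    return findings

# Constructed sample: plaintext protocol and a truststore without a password.
SAMPLE = """\
# constructed example, not a real deployment
server.secure=true
kafka.security.protocol=PLAINTEXT
kafka.ssl.truststore.location=/opt/saymon-agent/conf/truststore.jks
"""

if __name__ == "__main__":
    for finding in lint_agent_tls(SAMPLE, exists=lambda path: True):
        print("WARN:", finding)
```

Run it against the real agent.properties on the agent host, before restarting the agent, so that the file existence checks see the actual paths.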