Configuring Kafka to Use an SSL Security Certificate

Using SSL encryption, you can ensure that agents securely connect to the Kafka server.

You can configure the encryption using the server configuration file /etc/saymon/saymon-server.conf and the agent configuration file <agent installation folder>/conf/agent.properties.

In the server configuration file, use the Kafka section to set values for the following parameters:

kafka.ssl - paths to key and certificate files in the following format:

"kafka" : {
...
    "ssl": {
        "certFile": "/opt/kafka/for-saymon-server/cert.pem",
        "keyFile": "/opt/kafka/for-saymon-server/key.pem"
    },
...
}

To apply the changes, you need to restart the saymon server service:

sudo service saymon-server restart

In the agent configuration file, you need to set values for the following parameters:

server.secure - agent connection to Kafka server in TLS encryption mode:

server.secure=true
kafka.security.protocol - protocol used for communication with brokers:

kafka.security.protocol=SSL

When using SSL certificates from public certification authorities:

kafka.ssl.truststore.location - location of the key file in the truststore.
kafka.ssl.truststore.password - password for the truststore file. If the password is not specified, the key file will be used but without the integrity check.

When using self-signed SSL certificates:

server.ca.certificate - PEM certificate value in text.
server.ca.location - path to the file in PEM format.