
The video provides the steps to connect to the Kafka server using the SASL_SSL protocol.

 


To connect to a Kafka server over the SASL_SSL protocol with one-way SSL, do the following:

Server side

  1. Configure the following properties in Ambari server > Kafka > config > Custom kafka-broker.
    ssl.keystore.location=path-to-your-keystore
    ssl.keystore.password=keystore-password
    ssl.truststore.location=path-to-your-truststore
    ssl.truststore.password=truststore-password
  2. Under Ambari server > Kafka > config > Kafka Broker > Listeners, add a listener that uses the SASL_SSL security protocol: SASL_SSL://localhost:<port>
  3. Since this is one-way SSL communication between client and server, make sure the property ssl.client.auth=none is set, which means that client authentication is not required. By default this property is set to None. You can double-check it in Ambari console > Kafka > Configs, or search for it using the filter text box at the top right of the service screen.

Client Side

  1. Create a file client.properties with the following content:
    # The truststore must contain the server root CA
    ssl.truststore.location=<pathToTrustStore>
    ssl.truststore.password=<trustStore password>
  2. Get a valid Kerberos ticket and run the new producer/consumer API as follows:

Producer

/usr/hdp/current/kafka-broker/bin/kafka-console-producer.sh --broker-list <brokerHost>:<brokerSASL_SSLPort> \
    --topic <topicName> --producer.config <path_To_client.properties> --security-protocol SASL_SSL

Consumer

/usr/hdp/current/kafka-broker/bin/kafka-console-consumer.sh --bootstrap-server <brokerHost>:<brokerSASL_SSLPort> \
    --topic <topicName> --consumer.config <path_To_client.properties> --security-protocol SASL_SSL
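
A pre-flight lint for the client.properties file from the Client Side steps, as an added example that is not part of the original article. It catches trailing text on the truststore line becoming part of the path, because java.util.Properties treats only lines starting with # or ! as comments. The function names, exit codes and sample files are assumptions constructed for illustration, and only plain key=value lines are handled.

```sh
# Added example, not from the original article: lint client.properties before use.
# Print KEY's value the way java.util.Properties loads it: all text after the
# first "=", no inline-comment stripping. Handles plain key=value lines only.
get_prop() {  # usage: get_prop FILE KEY
    awk -v k="$2" '
        /^[ \t]*[#!]/ { next }   # only whole-line comments are comments
        { i = index($0, "="); if (i == 0) next
          key = substr($0, 1, i - 1); gsub(/^[ \t]+|[ \t]+$/, "", key)
          if (key == k) { val = substr($0, i + 1); sub(/^[ \t]+/, "", val) } }
        END { printf "%s", val }' "$1"
}

# Exit codes: 0 ok, 2 missing key, 3 trailing text in path, 4 truststore
# unreadable, 5 security.protocol in the file contradicts SASL_SSL.
check_client_props() {  # usage: check_client_props FILE
    ts=$(get_prop "$1" ssl.truststore.location)
    pw=$(get_prop "$1" ssl.truststore.password)
    proto=$(get_prop "$1" security.protocol)
    if [ -z "$ts" ] || [ -z "$pw" ]; then
        echo "missing ssl.truststore.location or ssl.truststore.password" >&2; return 2
    fi
    case "$ts" in
        *" //"*|*" #"*|*" ") echo "path carries trailing text: '$ts'" >&2; return 3 ;;
    esac
    [ -r "$ts" ] || { echo "cannot read truststore: $ts" >&2; return 4; }
    if [ -n "$proto" ] && [ "$proto" != "SASL_SSL" ]; then
        echo "security.protocol=$proto conflicts with SASL_SSL" >&2; return 5
    fi
    return 0
}

# Constructed sample files; the truststore is an empty stand-in, not a real JKS.
make_samples() {  # usage: make_samples DIR
    : > "$1/truststore.jks"
    printf '%s\n' "# server root CA lives in this truststore" \
        "ssl.truststore.location=$1/truststore.jks" \
        "ssl.truststore.password=changeit" > "$1/good.properties"
    printf '%s\n' "ssl.truststore.location=$1/truststore.jks // server rootCA" \
        "ssl.truststore.password=changeit" > "$1/inline-comment.properties"
    printf '%s\n' "ssl.truststore.location=$1/truststore.jks" \
        "ssl.truststore.password=changeit" "security.protocol=PLAINTEXT" > "$1/wrong-protocol.properties"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for f in good inline-comment wrong-protocol; do
    rc=0; check_client_props "$demo_dir/$f.properties" || rc=$?; echo "$f.properties -> exit $rc"
done
rm -rf "$demo_dir"
```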