Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

Need help with SSL config in Nifi - ConsumeKafka

Labels:
avatar
author-rank Deepika_Gaddam
New Contributor

Created ‎07-13-2021 12:53 AM

I am using Nifi with Local setup . I am using 'consumeKafka' Processor

In configuration I am specifying

Kafka broker : Client_specified_broker ,
Security Protocol : SASL_SSL ,
SASL Mechanism : Plain ,
Username : SSL username ,
Password : SSL password ,
SSL Context Service : StandardSSLContextService ,
Topic : Topic From which data is consumed ,
Group_id : test

I dont see any keystore or truststore credentials with Confluent Kafka broker I am using . How to configure ConsumeKafka Processor and also please let me know if there are any setting to be done with Nifi so that it could read messages from SSL encrypted Kafka broker

 

2,845 Views
0 Kudos
2 REPLIES 2

avatar
author-rank adhishankarit
Contributor

Created ‎07-13-2021 06:52 AM

Hi Deepika,

 

I assume that you are using ConsumeKafka OR ConsumeKafka2.0 version NiFi processor ,when you select option in SSL Context Service as StandardSSLContextService then you have to select right arrow as indicated below image .

 

ConsumeKafka.PNG

 

Properties of StandardSSLContextService will be prompted to you and you can enter the values of the properties Keystore Filename,Keystore Password,Key Password,Truststore Filename,Truststore Type. etc. 

 

StandardSSLContextService_Properties.PNG

 

After providing the values of the SSL properties , enable the Controller Service and start running the ConsumeKafka processor.

 

ConsumeKafka2.0 processor properties

ConsumeKafka2.0.PNG

Please update if above steps expected and works.

 

Thanks

2,828 Views
0 Kudos

avatar
author-rank Ranveer
New Contributor

Created ‎04-05-2022 12:44 AM

Even this is old thread updating .

add 

java-home/bin/keytool -genkey -alias server-alias -keyalg RSA -keypass changeit
-storepass changeit -keystore keystore.jks


java-home/bin/keytool -export -alias server-alias -storepass changeit
-file server.cer -keystore keystore.jks

This need to be configured on NiFI instance.
 
2,484 Views
0 Kudos
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streams Messaging - Kubernetes Operator ...
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics 1.14 for Cloudera Pu...
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
View More Announcements