![using a .pem key for authentication rbrowser using a .pem key for authentication rbrowser](https://present5.com/presentation/534fb19deda8d661a65743880572bcb7/image-22.jpg)
as well as any intermediary CA certificatesįor more details about the certificate chain see the Common gotchas section below.Next, points to a file that should contain the following: and properties tell Kafka in which format we are providing the certificates and the truststore. Here’s how the ssl section of the properties file should look: security.protocol=SSL This approach makes it easy to transition from PKCS12 files to PEM files. If you already use mTLS authentication towards Kafka, then the easiest way to transition towards PEM certificates is to use them as files, replacing the java keystore and truststore you use today. Producer = new KafkaProducer(properties) Providing certificates as files Properties.put(SslConfigs.SSL_TRUSTSTORE_CERTIFICATES_CONFIG, "")
![using a .pem key for authentication rbrowser using a .pem key for authentication rbrowser](https://venturebeat.com/wp-content/uploads/2017/12/4-appletv.jpg)
Properties.put(SslConfigs.SSL_TRUSTSTORE_TYPE_CONFIG, "PEM") Properties.put(SslConfigs.SSL_KEY_PASSWORD_CONFIG, "")
Using a .pem key for authentication rbrowser password#
key password is needed if the private key is encrypted Properties.put(SslConfigs.SSL_KEYSTORE_KEY_CONFIG, "") Properties.put(SslConfigs.SSL_KEYSTORE_TYPE_CONFIG, "PEM") Properties.put(CommonClientConfigs.SECURITY_PROTOCOL_CONFIG, "SSL") Properties.put(ProducerConfig.BOOTSTRAP_SERVERS_CONFIG, "localhost:9092") Java clients use exactly the same properties, but constants help with readability: Properties properties = new Properties() Your private key goes into field, while the password for the private key (if you use one) goes to field. For more details on this see the Common gotchas section below. Note that needs to contain your signed certificate as well as all the intermediary CA certificates. =-BEGIN CERTIFICATE-\nMICC.\n-END CERTIFICATE. =-BEGIN ENCRYPTED PRIVATE KEY-\n.\n-END ENCRYPTED PRIVATE KEY. =-BEGIN CERTIFICATE-\nMIIDZjC.\n-END CERTIFICATE. Here’s how the SSL section of the properties file should look: security.protocol=SSL If you’re providing them as single-line strings, you must transform the original multiline format to a single line by adding the line feed characters ( \n ) at the end of each line. You can add certificates directly to the configuration file of your clients or brokers. Providing certificates as strings Brokers and CLI tools Example of Kafka SSL setup with PEM certificates.Common gotchas when setting up a certificate chain.