Kafka SSL: Client Authentication — Part 2

Mradul Pandey
Published in Jinternals
May 10, 2020

In the previous post, we set up SSL encryption, which already provides one-way authentication: the client verifies the server's certificate. To implement client authentication, the client needs to present its own certificate to the broker.

Setup Kafka broker:

We will use the same setup as in the previous post, but the Kafka broker needs one additional property (KAFKA_SSL_CLIENT_AUTH) that requires the client to authenticate over SSL.

version: '3.5'

services:

  zookeeper:
    image: "wurstmeister/zookeeper:latest"
    ports:
      - "2181:2181"

  kafka:
    image: wurstmeister/kafka:2.12-2.2.0
    depends_on:
      - zookeeper
    ports:
      - "9092:9092"
    environment:
      KAFKA_ADVERTISED_LISTENERS: 'SSL://kafka:9092'
      KAFKA_LISTENERS: 'SSL://0.0.0.0:9092'
      KAFKA_AUTO_CREATE_TOPICS_ENABLE: 'true'
      KAFKA_ZOOKEEPER_CONNECT: 'zookeeper:2181'
      KAFKA_SSL_KEYSTORE_LOCATION: '/certs/kafka.server.keystore.jks'
      KAFKA_SSL_KEYSTORE_PASSWORD: 'serverpassword'
      KAFKA_SSL_KEY_PASSWORD: 'serverpassword'
      KAFKA_SSL_TRUSTSTORE_LOCATION: '/certs/kafka.server.truststore.jks'
      KAFKA_SSL_TRUSTSTORE_PASSWORD: 'serverpassword'
      KAFKA_SSL_CLIENT_AUTH: 'required'
      # KAFKA_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM: ''
      KAFKA_SECURITY_INTER_BROKER_PROTOCOL: 'SSL'
    volumes:
      - ./server_certs:/certs
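
An added example, not part of the original post or the linked repository: a small Python check over the broker environment above that flags settings which weaken client-certificate enforcement. It assumes listener names equal their security protocol, as in this compose file; WEAK_ENV and the function names are constructed for illustration.

```python
import re

# Broker settings taken from the compose file above.
PAGE_ENV = """
KAFKA_LISTENERS: 'SSL://0.0.0.0:9092'
KAFKA_SSL_CLIENT_AUTH: 'required'
# KAFKA_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM: ''
KAFKA_SECURITY_INTER_BROKER_PROTOCOL: 'SSL'
"""
# Constructed weak variant, for comparison only.
WEAK_ENV = """
KAFKA_LISTENERS: 'SSL://0.0.0.0:9092,PLAINTEXT://0.0.0.0:9093'
KAFKA_SSL_CLIENT_AUTH: 'requested'
KAFKA_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM: ''
KAFKA_SECURITY_INTER_BROKER_PROTOCOL: 'SSL'
"""
LINE = re.compile(r"^\s*([A-Z0-9_]+):\s*(['\"]?)(.*?)\2\s*$")

def parse_env(text):
    """Parse KEY: 'value' lines; commented-out settings are ignored."""
    env = {}
    for line in text.splitlines():
        if line.strip().startswith("#"):
            continue
        m = LINE.match(line)
        if m:
            env[m.group(1)] = m.group(3)
    return env

def audit(env):
    """Return findings that weaken or disable mutual TLS on the broker."""
    findings = []
    # Kafka's ssl.client.auth accepts required, requested or none (default).
    auth = env.get("KAFKA_SSL_CLIENT_AUTH", "none")
    if auth != "required":
        findings.append(f"ssl.client.auth={auth}: clients without a certificate can still connect")
    for listener in env.get("KAFKA_LISTENERS", "").split(","):
        name = listener.strip()
        if name and not name.startswith("SSL://"):
            findings.append(f"listener is not SSL, client certificates are not enforced there: {name}")
    if env.get("KAFKA_SECURITY_INTER_BROKER_PROTOCOL") != "SSL":
        findings.append("inter-broker traffic is not using SSL")
    if env.get("KAFKA_SSL_ENDPOINT_IDENTIFICATION_ALGORITHM") == "":
        findings.append("hostname verification is disabled (empty endpoint identification algorithm)")
    return findings

if __name__ == "__main__":
    for label, text in (("page", PAGE_ENV), ("weak", WEAK_ENV)):
        print(label, audit(parse_env(text)))
```
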

Setup Kafka client:

We need to do the same setup for our client as we did for the broker in the previous post. Please follow README.md to set up the cluster and run the sample application: https://github.com/jinternals/kafka_ssl_setup/tree/master/Part%202

Source Code :

https://github.com/jinternals/kafka_ssl_setup/tree/master/Part%202
