
SSL on all kafka cluster nodes

I am planning to deploy a Kafka cluster. I have the query below:

1) To secure producer and consumer communication with Kafka broker, SSL can be used. If I have a cluster of 9 brokers and 3 zookeeper nodes and if I do not want to use self-signed certificates, do I have to buy a certificate for each of the nodes (9 + 3 certs, way too costly)?

As I have read, the producer/consumer contacts one of the broker nodes directly, without contacting ZooKeeper.

Thanks,

Viral

Research "letsencrypt". You don't have to pay for trusted certificates. Also, you can combine many domains/hostnames into one certificate.

Yes, you need to have a certificate created for each individual Kafka broker node in the cluster. So the keystore contains the key and certificate of your broker; import this to the truststore signed by the CA. Similarly, if you signed the certificate with the same CA on the truststore, then all the clients signed by this CA already know it's authorized.

Also, if you enabled ssl.client.authorize, then the client must have its own keystore (key + certificate) signed by the CA on the truststore.

I don't think ZooKeeper requires a certificate.
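
The per-broker signing the answer describes, as an added example that is not part of the original thread: a single CA certificate goes into every truststore and signs one certificate per broker, so nothing is purchased per node. It assumes a private CA that you operate and whose certificate you distribute to clients; the hostnames and file names are constructed.

```shell
#!/bin/sh
# Added example: one cluster CA signs a certificate per broker (hostnames are constructed).
set -eu

# make_ca DIR: create the CA key and self-signed CA certificate (what truststores hold).
make_ca() {
    cat > "$1/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Kafka Cluster CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 -config "$1/req.cnf" \
        -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# issue_broker_cert DIR HOST: per-broker key plus a CA-signed cert with HOST as its SAN.
issue_broker_cert() {
    openssl req -new -newkey rsa:2048 -nodes -config "$1/req.cnf" -subj "/CN=$2" \
        -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
    printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth,clientAuth\n' "$2" > "$1/$2.ext"
    openssl x509 -req -in "$1/$2.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
        -CAcreateserial -days 365 -sha256 -extfile "$1/$2.ext" -out "$1/$2.crt" 2>/dev/null
}

# check_broker_cert DIR HOST: succeeds only if the cert chains to the CA and names HOST.
check_broker_cert() {
    openssl verify -CAfile "$1/ca.crt" "$1/$2.crt" >/dev/null 2>&1 &&
        openssl x509 -in "$1/$2.crt" -noout -checkhost "$2" | grep -q 'does match'
}

# Demo with two constructed broker hostnames; repeat for each broker in the cluster.
dir=$(mktemp -d)
make_ca "$dir"
for host in broker1.kafka.example broker2.kafka.example; do
    issue_broker_cert "$dir" "$host"
    check_broker_cert "$dir" "$host" && echo "$host: chains to cluster CA"
done
```

Packaging each broker's key and certificate into its keystore, and `ca.crt` into the truststores, is not shown; `ca.key` should stay off the brokers.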
