Configure Kafka client with ca cert (.crt or .pem)

Question

I am using debezium to configure kafka connect using SASL_SSL. While the SASL authentication configuration I could do like below:

security.protocol=SASL_SSL
sasl.mechanism=SCRAM-SHA-256
sasl.jaas.config=org.apache.kafka.common.security.scram.ScramLoginModule required username=${KAFKA_USERNAME} password=${KAFKA_PASSWORD};"

I could not find any documentation around configuring CA location using .crt or pem file. In C# or Python clients based on librdkafka I can set below properties:

ssl.ca.location = 'path/to/ca/file/ca-bundle.crt (pem also works)

However for Java clients(debezium based on Java) I see only truststore in jks format. How do I configure it to use similar to client's mentioned above ? Is something like below valid for java clients?

ssl.truststore.type = PEM
ssl.truststore.location='path/to/ca/file/ca-bundle.crt'

score 0 · Answer 1 · answered Oct 11 '21 at 14:59

0

Java truststores and keystores can only be JKS files. If you only have PEM/CRT files, you need to convert them

answered Oct 11 '21 at 14:59

OneCricketeer

179,855
19
132
245

Configure Kafka client with ca cert (.crt or .pem)

1 Answers1