[
https://issues.apache.org/jira/browse/KAFKA-1690?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14652678#comment-14652678
]
Rajasekar Elango commented on KAFKA-1690:
-----------------------------------------
[~harsha_ch] Thanks for documentation, I tried to run this locally and here are
my observations.
1. On kafka server.properties, I had to remove quotes for SSL properties to
make it work. For eg when I had ssl.keystore.type = "JKS"; I got
org.apache.kafka.common.KafkaException: java.security.KeyStoreException: "JKS"
not found, when I changed to ssl.keystore.type = JKS , it worked, I had to do
this for all ssl properties. Not sure if its just me, can you confirm if it
works with quotes?
2. Console producer worked in secure mode, but I need to specify keystore
location and password in addition to truststore, I guess documentation need to
be updated.
3. Console consumer works in plaintext mode, not sure how to force SSL, I added
--property security.protocol=SSL, It seem to be ignored, can you provide an
example?
I would suggest moving all SSL related configurations to separate ssl config
file for broker and producer/consumer. Reason I ask is ssl properties contains
secret information like passwords that need to be stored in secure location. If
it's part of kafka server.properties we can't keep it in source control and we
need keep whole kafka server.properties in secure location. So it's better to
accept ssl.config.location as property in server.properties and read all ssl
properties from there. The same applies to producer/consumer,
producer/consumer.properties can be in source control while security properties
can be pulled from secure location. It will also simplify running
console-producer/console-consumer easily with one ssl.config.location option
instead of bunch of ssl properties.
> new java producer needs ssl support as a client
> -----------------------------------------------
>
> Key: KAFKA-1690
> URL: https://issues.apache.org/jira/browse/KAFKA-1690
> Project: Kafka
> Issue Type: Sub-task
> Reporter: Joe Stein
> Assignee: Sriharsha Chintalapani
> Fix For: 0.8.3
>
> Attachments: KAFKA-1690.patch, KAFKA-1690.patch,
> KAFKA-1690_2015-05-10_23:20:30.patch, KAFKA-1690_2015-05-10_23:31:42.patch,
> KAFKA-1690_2015-05-11_16:09:36.patch, KAFKA-1690_2015-05-12_16:20:08.patch,
> KAFKA-1690_2015-05-15_07:18:21.patch, KAFKA-1690_2015-05-20_14:54:35.patch,
> KAFKA-1690_2015-05-21_10:37:08.patch, KAFKA-1690_2015-06-03_18:52:29.patch,
> KAFKA-1690_2015-06-23_13:18:20.patch, KAFKA-1690_2015-07-20_06:10:42.patch,
> KAFKA-1690_2015-07-20_11:59:57.patch, KAFKA-1690_2015-07-25_12:10:55.patch
>
>
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
