Enabling SSL/TLS Encryption and Authentication

When the Kafka cluster uses the Kafka SSL security protocol and requires client authentication, enable the Kafka stage to use SSL/TLS encryption and authentication.

Before you enable a Kafka stage to use SSL/TLS encryption and authentication, make sure that you have performed all necessary prerequisite tasks. Then, perform the following steps to enable the stage to use SSL/TLS encryption and authentication to connect to Kafka.

  1. On the General tab of the stage, set the Stage Library property to the appropriate Kafka version.

    If configuring a Kafka Consumer origin for a Kafka YARN cluster pipeline, set the property to Kafka version 0.10.0.0 or later.

  2. On the Kafka tab of the stage, configure each Kafka broker URI to use the SSL/TLS port.

    The default SSL/TLS port number is 9093.

  3. On the Security tab, configure the following properties:
    Security Option: Set to SSL/TLS Encryption and Authentication (Security Protocol=SSL).

    Truststore Type: Type of truststore to use. Use one of the following types:
    • Java Keystore File (JKS)
    • PKCS #12 (p12 file)

    Default is Java Keystore File (JKS).

    Truststore File: Path to the truststore file. Enter an absolute path to the file or enter the following expression to define the file stored in the Data Collector resources directory:

    ${runtime:resourcesDirPath()}/keystore.jks

    Truststore Password: Password to the truststore file.
    Tip: To secure sensitive information such as passwords, you can use runtime resources or credential stores. For more information about credential stores, see Credential Stores in the Data Collector documentation.

    Keystore Type: Type of keystore to use. Use one of the following types:
    • Java Keystore File (JKS)
    • PKCS #12 (p12 file)

    Default is Java Keystore File (JKS).

    Keystore File: Path to the keystore file. Enter an absolute path to the file or enter the following expression to define the file stored in the Data Collector resources directory:

    ${runtime:resourcesDirPath()}/keystore.jks

    Keystore Password: Password to the keystore file.

    Key Password: Password for the key in the keystore file.
    Tip: To secure sensitive information such as passwords, you can use runtime resources or credential stores. For more information about credential stores, see Credential Stores in the Data Collector documentation.

    Enabled Protocols: Comma-separated list of protocols used to connect to the Kafka brokers. Ensure that at least one of these protocols is enabled in the Kafka brokers.
    Note: Older protocols are not as secure as TLSv1.2.
    Note: In Data Collector Edge pipelines, when you configure a Kafka Producer destination, enter an absolute path for the truststore and keystore files that use the PEM format.
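
A pre-flight check of the settings from steps 2 and 3, written as an added example rather than Data Collector code: it flags broker ports, store paths, literal passwords, and protocols older than TLSv1.2. The field names, the "JKS"/"PKCS12" labels, and the sample hosts, paths, and resource file names are assumptions constructed for illustration.

```python
# Added example. Field names and the "JKS"/"PKCS12" labels are hypothetical
# stand-ins for the Security tab properties, not a Data Collector API.
WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}  # all older than TLSv1.2
STORE_TYPES = {"JKS", "PKCS12"}
RESOURCES_EXPR = "${runtime:resourcesDirPath()}/"

def check_stage(cfg):
    """Return a list of findings for one Kafka stage's SSL/TLS settings."""
    findings = []
    if cfg.get("security_option") != "SSL":
        findings.append("security option is not SSL/TLS Encryption and Authentication")
    for uri in (u.strip() for u in cfg.get("brokers", "").split(",")):
        host, _, port = uri.rpartition(":")
        if not host or not port.isdigit():
            findings.append(f"broker '{uri}': no explicit port")
        elif port != "9093":  # 9093 is only the default, so this is a prompt to verify
            findings.append(f"broker '{uri}': not the default SSL/TLS port 9093")
    for store in ("truststore", "keystore"):
        path = cfg.get(f"{store}_file", "")
        # POSIX absolute path, or the resources-directory expression from the page
        if not (path.startswith("/") or path.startswith(RESOURCES_EXPR)):
            findings.append(f"{store} file: not absolute or a resources expression")
        if cfg.get(f"{store}_type", "JKS") not in STORE_TYPES:
            findings.append(f"{store} type: must be JKS or PKCS12")
    for field in ("truststore_password", "keystore_password", "key_password"):
        value = cfg.get(field, "")
        if not (value.startswith("${") and value.endswith("}")):
            findings.append(f"{field}: literal or missing, use a runtime resource "
                            "or credential store")
    protocols = [p.strip() for p in cfg.get("enabled_protocols", "").split(",") if p.strip()]
    if not protocols:
        findings.append("enabled protocols: list is empty")
    for p in protocols:
        if p in WEAK_PROTOCOLS:
            findings.append(f"enabled protocols: {p} is older than TLSv1.2")
    return findings

# Constructed sample settings (placeholder hosts, paths, and file names).
PW = "${runtime:loadResource('kafka-store-pw.txt', true)}"
WEAK_STAGE = {
    "security_option": "SSL", "enabled_protocols": "TLSv1,TLSv1.2",
    "brokers": "kafka1.example.com:9092,kafka2.example.com:9093",
    "truststore_file": "truststore.jks", "truststore_type": "JKS",
    "truststore_password": "changeit",
    "keystore_file": RESOURCES_EXPR + "keystore.jks", "keystore_type": "PKCS12",
    "keystore_password": PW, "key_password": PW,
}
HARDENED_STAGE = dict(WEAK_STAGE, enabled_protocols="TLSv1.2", truststore_password=PW,
                      brokers="kafka1.example.com:9093,kafka2.example.com:9093",
                      truststore_file="/etc/sdc/tls/truststore.jks")
```

`check_stage(WEAK_STAGE)` returns four findings (the 9092 broker, the relative truststore path, the literal truststore password, and TLSv1); `check_stage(HARDENED_STAGE)` returns an empty list.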