Is it possible to use Kafka with SSL encryption but with no server verification nor client authentication? I know that by default the latter is disabled, but is it possible to also disable the former?
1
- Have you tried to use an `SSL` listener rather than `SASL_SSL`? – OneCricketeer Nov 16 '20 at 23:13
- I tried SSL only. – Dolev Lazar Nov 17 '20 at 18:50
- Okay, that doesn't have SASL authentication, so what's the issue? – OneCricketeer Nov 17 '20 at 19:30
- The issue is that Kafka by default demands server verification, i.e. that the client will know the server's certificate for the handshake to succeed. – Dolev Lazar Nov 17 '20 at 20:55
- Sure, but that sounds like the job of the certificate authority, not necessarily Kafka. Any keypair is going to require some handshake protocol. – OneCricketeer Nov 18 '20 at 02:07
- But let's say I don't have a certificate authority and I'm using self-signed certificates, is there a way to ignore certificate verification errors? – Dolev Lazar Nov 18 '20 at 12:41
- I'm not aware of any feature specific to Kafka for that. [That might be a JVM flag](https://stackoverflow.com/a/4663241/2308683) – OneCricketeer Nov 18 '20 at 15:02
- I've completely forgotten to thank you for all your help, @OneCricketeer! You really helped, thanks a lot! – Dolev Lazar Nov 18 '20 at 20:59
1 Answer
0
I encountered a similar problem. Since Kafka is a Java process, it will load the default JDK certs when running, which are under `/usr/local/jdk/jre/lib/security/cacerts`. If your server is trusted there (in my scenario, my Kafka server is MSK, and is trusted already), then you don't have to configure all the keys and certs.
So all in all, I only added the Kafka config `security.protocol=SSL` and it worked.

rosa
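
The following Python check is an added example, not code from the posts above: it reads a Kafka client properties file and reports whether the broker certificate is verified against the JVM default truststore (the case the answer describes) or an explicit truststore (the self-signed case from the comments), and whether hostname verification has been switched off. The sample configs, the truststore path and the password are constructed placeholders.

```python
# Added example: audit how a Kafka client config verifies the broker certificate.

def parse_properties(text):
    """Parse simple key=value Java properties (no line continuations)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def audit_tls(text):
    """Return findings about broker verification for one client config."""
    props = parse_properties(text)
    # Kafka clients default to PLAINTEXT when security.protocol is unset.
    protocol = props.get("security.protocol", "PLAINTEXT").upper()
    if protocol not in ("SSL", "SASL_SSL"):
        return ["no-tls: security.protocol=%s sends traffic unencrypted" % protocol]
    findings = []
    if "ssl.truststore.location" in props or "ssl.truststore.certificates" in props:
        findings.append("trust: explicit truststore configured")
    else:
        # No truststore set: the JVM's default cacerts decides which brokers are trusted.
        findings.append("trust: JVM default truststore (cacerts) is used")
    # Kafka 2.0+ defaults this to "https"; an empty value turns hostname checks off.
    if props.get("ssl.endpoint.identification.algorithm", "https") == "":
        findings.append("weak: hostname verification disabled")
    return findings

# Constructed sample configs (path and password are placeholders).
ANSWER_CONFIG = "security.protocol=SSL\n"
SELF_SIGNED_CONFIG = """
security.protocol=SSL
ssl.truststore.location=/path/to/client.truststore.jks
ssl.truststore.password=changeit
"""
HOSTNAME_CHECK_OFF = SELF_SIGNED_CONFIG + "ssl.endpoint.identification.algorithm=\n"

if __name__ == "__main__":
    samples = [("answer", ANSWER_CONFIG), ("self-signed", SELF_SIGNED_CONFIG),
               ("hostname check off", HOSTNAME_CHECK_OFF)]
    for name, cfg in samples:
        print(name, "->", audit_tls(cfg))
```

For a self-signed broker certificate, the second sample is the shape to aim for: the certificate is imported into a truststore the client points at, so encryption and server verification both stay on.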