I am trying to build an SSL Kafka multi-node cluster setup using the following scenario:

3 zookeepers, 3 kafka

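The SSL connection is being established for the 3 ZooKeepers and 1 Kafka. Whenever I try to bring the second Kafka up, the handshake between the 2 Kafkas fails. So can someone suggest how I can achieve this?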

This is Kafka's server.properties file:

security.inter.broker.protocol=SSL
listeners=SSL://XX.XX.XXX.X:9092
advertised.listeners=SSL://XX.XX.XXX.X:9092
ssl.client.auth=required
ssl.keystore.location=/HOME/kafka.server.keystore.jks
ssl.keystore.password=XXX
ssl.key.password=XXX
ssl.truststore.location=/HOME/kafka.server.truststore.jks
ssl.truststore.password=XXX

This is the keygeneration.sh file:

#!/bin/bash
PASSWORD=xxxx
VALIDITY=365
keytool -keystore kafka.server.keystore.jks -alias xx.xx.xx.x -validity $VALIDITY -genkey
openssl req -new -x509 -keyout ca-key -out ca-cert -days $VALIDITY
keytool -keystore kafka.server.truststore.jks -alias CARoot -import -file ca-cert
keytool -keystore kafka.client.truststore.jks -alias CARoot -import -file ca-cert
keytool -keystore kafka.server.keystore.jks -alias  xx.xx.xx.x -certreq -file cert-file
openssl x509 -req -CA ca-cert -CAkey ca-key -in cert-file -out cert-signed -days $VALIDITY -CAcreateserial -passin pass:$PASSWORD
keytool -keystore kafka.server.keystore.jks -alias CARoot -import -file ca-cert
keytool -keystore kafka.server.keystore.jks -alias xx.xx.xx.x -import -file cert-signed
keytool -keystore kafka.client.keystore.jks -alias  xx.xx.xx.x -validity $VALIDITY -genkey
keytool -keystore kafka.client.keystore.jks -alias  xx.xx.xx.x -certreq -file cert-file
openssl x509 -req -CA ca-cert -CAkey ca-key -in cert-file -out cert-signed -days $VALIDITY -CAcreateserial -passin pass:$PASSWORD
keytool -keystore kafka.client.keystore.jks -alias CARoot -import -file ca-cert
keytool -keystore kafka.client.keystore.jks -alias  xx.xx.xx.x -import -file cert-signed
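A check worth running on a setup like the one above, as an added example that is not part of the original post: keygeneration.sh creates a new CA (`ca-key`/`ca-cert`) on every run, so if it is run once per broker (an assumption, the post does not say), each broker's certificate is signed by a CA the other brokers' truststores do not contain. The sketch reproduces the CA and signing steps with openssl only; `ca-A`, `ca-B`, `broker1` and `broker2` are constructed names.

```shell
#!/bin/bash
# Added example; ca-A, ca-B, broker1 and broker2 are constructed names.
set -eu
cd "$(mktemp -d)"

# Self-signed CA named $1: the script's "openssl req -new -x509" step, non-interactive.
make_ca() {
  openssl req -new -x509 -nodes -newkey rsa:2048 -subj "/CN=$1" \
    -keyout "$1-key" -out "$1-cert" -days 365 2>/dev/null
}

# Key + CSR for broker $1, signed by CA $2 (the script's "openssl x509 -req" step).
issue_cert() {
  openssl req -new -nodes -newkey rsa:2048 -subj "/CN=$1" \
    -keyout "$1-key" -out "$1-csr" 2>/dev/null
  openssl x509 -req -CA "$2-cert" -CAkey "$2-key" -in "$1-csr" \
    -out "$1-signed" -days 365 -CAcreateserial 2>/dev/null
}

# Prints "trusted" if broker $1's certificate chains to CA $2, else "untrusted".
check_trust() {
  if openssl verify -CAfile "$2-cert" "$1-signed" >/dev/null 2>&1; then
    echo trusted
  else
    echo untrusted
  fi
}

make_ca ca-A; make_ca ca-B          # two script runs -> two unrelated CAs
issue_cert broker1 ca-A
issue_cert broker2 ca-B
echo "broker2 checked against broker1's CA: $(check_trust broker2 ca-A)"
issue_cert broker2 ca-A             # re-issue from the one shared CA
echo "broker2 after re-issuing from ca-A:   $(check_trust broker2 ca-A)"
```

On the real keystores, `keytool -list -v -keystore kafka.server.keystore.jks` prints the Issuer of each entry, which can be compared across brokers in the same way.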