I have configured a Kafka cluster on Kubernetes using Strimzi, following this article: https://itnext.io/kafka-on-kubernetes-the-strimzi-way-part-2-43192f1dd831. But the security service in my company does not want to deploy this solution in UAT with a self-signed certificate. Could you please tell me whether I can import our trusted certificate from a trusted surf center into this Kafka solution?
I added this section to my yml file, referring to https://strimzi.io/docs/operators/master/using.html#kafka-listener-certificates-str:

    configuration:
      brokerCertChainAndKey:
        secretName: es-kafka-secret
        certificate: certificate.crt
        key: certificate.key

But when I tested, I got this error:
[thrd:ssl://104.42.195.73:9094/bootstrap]: ssl://104.42.195.73:9094/bootstrap: SSL handshake failed: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed: broker certificate could not be verified, verify that ssl.ca.location is correctly configured or root CA certificates are installed (install ca-certificates package) (after 377ms in state CONNECT)
panic: interface conversion: kafka.Event is kafka.Error, not *kafka.Message
goroutine 38 [running]:
main.main.func2(0xc421004060)
/root/kafka-kubernetes-strimzi/part-3/go-client-app/kafka-tls-auth-client.go:85 +0x2a5
created by main.main
/root/kafka-kubernetes-strimzi/part-3/go-client-app/kafka-tls-auth-client.go:74 +0x109
And after adding my certificate, how can I check the connection?
Could you please help me? Thanks.
As described in the Strimzi documentation - you have two options to choose from:
Once you configure it, you can check whether it was correctly applied, for example using OpenSSL (openssl s_client ...). Or you can use the Java clients and set the Java system property javax.net.debug to value ssl - that would also print the details about the TLS handshake, the used certificates etc.
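
The chain and host name checks behind a "certificate verify failed" error like the one in the question, as an added Go example that is not part of the original answer or of Strimzi. It runs offline on constructed certificates; `VerifyBrokerChain`, `issue` and the `.test` host names are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// VerifyBrokerChain checks a PEM bundle (broker certificate first, then intermediates) as a TLS
// client would. caPEM plays the role of the file that the client's ssl.ca.location points to.
func VerifyBrokerChain(bundle, caPEM []byte, host string) error {
	block, _ := pem.Decode(bundle)
	if block == nil {
		return fmt.Errorf("no PEM certificate found in bundle")
	}
	leaf, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return err
	}
	roots, inter := x509.NewCertPool(), x509.NewCertPool()
	roots.AppendCertsFromPEM(caPEM)
	inter.AppendCertsFromPEM(bundle) // the rest of the bundle supplies the intermediates
	_, err = leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter, DNSName: host})
	return err
}

// issue creates a constructed, short-lived test certificate signed by parent (self-signed if nil).
func issue(name string, isCA bool, parent *x509.Certificate, pkey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey, []byte) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()),
		Subject: pkix.Name{CommonName: name}, DNSNames: []string{name}, IsCA: isCA, BasicConstraintsValid: true,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour)}
	if parent == nil {
		parent, pkey = tpl, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, tpl, parent, pub, pkey)
	cert, _ := x509.ParseCertificate(der)
	return cert, key, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	root, rootKey, _ := issue("root.ca.test", true, nil, nil)
	_, _, leafPEM := issue("bootstrap.kafka.test", false, root, rootKey)
	fmt.Println(VerifyBrokerChain(leafPEM, nil, "bootstrap.kafka.test")) // CA file lacks the signer
}
```

The same function returns nil once `caPEM` contains the root and the bundle carries every intermediate between the broker certificate and that root.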