How to use SSL connection

[jkga007]

in my site,i use ssl to connect kafka cluster
eg:
security.protocol=SSL
ssl.truststore.location=/kafka-ssl-client/client_java_client.truststore.jks
ssl.keystore.location=/client_java_client.keystore.jks
ssl.truststore.password=test
ssl.keystore.password=test
ssl.key.password=test
how can i use kafka_exporter to connect success?

[shankarsg]

have you resolved this issue?

[Gangareddy]

The args required to enable tls/ssl could be

- --tls.insecure-skip-tls-verify --log.enable-sarama --sasl.enabled --sasl.handshake --sasl.username=kafkabroker --sasl.password=brokerpassword --tls.enabled --web.listen-address=:9308 --tls.ca-file=ca.pem --tls.cert-file=cert.pem --tls.key-file=key.pem

The app uses the caRoot, cert and key file. One needs to create these files from Keystore file instead of using Keystore file directly. The below commands helps you to crreate the file.

pkcs 12

keytool -importkeystore -srckeystore $KEYSTORE_FILE -destkeystore keystore.p12 -deststoretype PKCS12 -srcstorepass $PASSWORD -deststorepass $PASSWORD -noprompt

Private Key

openssl pkcs12 -in keystore.p12 -nocerts -out key.pem -passin pass:$PASSWORD -passout pass:$PASSWORD -nodes

Ca

openssl pkcs12 -cacerts -nokeys -in keystore.p12 -out ca.pem -passin pass:$PASSWORD

Cert

openssl pkcs12 -clcerts -nokeys -in keystore.p12 -out cert.pem -passin pass:$PASSWORD

[zym-cicv]

@Gangareddy, Hi ,Following your methood, I met a problem as below.
F0515 13:38:55.995480 22998 kafka_exporter.go:893] tls: failed to parse private key

I used openssl command to check the key.pem as below.

openssl rsa -check -in /usr/local/kafka/cert/key.pem
140067303110544:error:0607907F:digital envelope routines:EVP_PKEY_get1_RSA:expecting an rsa key:p_lib.c:287:

what did I miss? thanks.