SSL Security Configuration

Describes how to configure Kafka REST security.

Secure by Default

As of release 6.0, the Data Fabric Installer performs the Kafka REST configuration for new installations. This means that:
  • If Data Fabric core is installed as secure, then Kafka REST is also installed as secure.
  • If Data Fabric core is installed as insecure, then Kafka REST is also installed as insecure.

Manually Securing Kafka REST Only

CAUTION
This configuration is not a typical configuration.

If you have an insecure Data Fabric cluster, and you want to secure Kafka REST, do the following:

  1. Generate the server and client certificates.
  2. Add any necessary property configurations to the kafka-rest.properties configuration file. For example:
    listeners=http://0.0.0.0:8082,https://0.0.0.0:8085 
                ssl.keystore.location=<ssl-keystore-path>
                ssl.keystore.password=<ssl-keystore-password> 
                ssl.key.password=<ssl-keystore-password>
  3. Restart Kafka REST.
    maprcli node services -name kafka-rest -action restart -nodes <space delimited list of nodes>
  4. Run a curl command to ensure that HTTPS is enabled.
    curl -X GET https://node1:8085/streams/%2Ftesting/topics --cacert <certificate-path>

Manually Unsecuring Kafka REST

WARNING
This scenario is NOT recommended or supported.

If you have an secure Data Fabric cluster, and you want to insecure Kafka REST, do the following:

  1. In the kafka-rest.properties configuration file, change https:// to http:// for the listeners and remove the ssl.* properties. For example:
    listeners=http://0.0.0.0:8082
  2. Restart Kafka REST.
    maprcli node services -name kafka-rest -action restart -nodes <space delimited list of nodes>