SSL Security Configuration
Describes how to configure Kafka REST security.
Secure by Default
As of release 6.0, the Data Fabric Installer performs the
Kafka REST configuration for new installations. This means that:
- If Data Fabric core is installed as secure, then Kafka REST is also installed as secure.
- If Data Fabric core is installed as insecure, then Kafka REST is also installed as insecure.
Manually Securing Kafka REST Only
CAUTION
This configuration is not a typical configuration.If you have an insecure Data Fabric cluster, and you want to secure Kafka REST, do the following:
- Generate the server and client certificates.
- Add any necessary property configurations to the
kafka-rest.properties
configuration file. For example:listeners=http://0.0.0.0:8082,https://0.0.0.0:8085 ssl.keystore.location=<ssl-keystore-path> ssl.keystore.password=<ssl-keystore-password> ssl.key.password=<ssl-keystore-password>
- Restart Kafka
REST.
maprcli node services -name kafka-rest -action restart -nodes <space delimited list of nodes>
- Run a curl command to ensure that HTTPS is enabled.
curl -X GET https://node1:8085/streams/%2Ftesting/topics --cacert <certificate-path>
Manually Unsecuring Kafka REST
WARNING
This scenario is NOT recommended or supported.If you have an secure Data Fabric cluster, and you want to insecure Kafka REST, do the following:
- In the
kafka-rest.properties
configuration file, change https:// to http:// for the listeners and remove the ssl.* properties. For example:listeners=http://0.0.0.0:8082
- Restart Kafka
REST.
maprcli node services -name kafka-rest -action restart -nodes <space delimited list of nodes>