Open jkga007 opened 5 years ago
have you resolved this issue?
The args required to enable tls/ssl could be
- --tls.insecure-skip-tls-verify --log.enable-sarama --sasl.enabled --sasl.handshake --sasl.username=kafkabroker --sasl.password=brokerpassword --tls.enabled --web.listen-address=:9308 --tls.ca-file=ca.pem --tls.cert-file=cert.pem --tls.key-file=key.pem
The app uses the caRoot, cert and key file. One needs to create these files from Keystore file instead of using Keystore file directly. The below commands helps you to crreate the file.
keytool -importkeystore -srckeystore $KEYSTORE_FILE -destkeystore keystore.p12 -deststoretype PKCS12 -srcstorepass $PASSWORD -deststorepass $PASSWORD -noprompt
openssl pkcs12 -in keystore.p12 -nocerts -out key.pem -passin pass:$PASSWORD -passout pass:$PASSWORD -nodes
openssl pkcs12 -cacerts -nokeys -in keystore.p12 -out ca.pem -passin pass:$PASSWORD
openssl pkcs12 -clcerts -nokeys -in keystore.p12 -out cert.pem -passin pass:$PASSWORD
@Gangareddy, Hi ,Following your methood, I met a problem as below.
F0515 13:38:55.995480 22998 kafka_exporter.go:893] tls: failed to parse private key
I used openssl command to check the key.pem as below.
openssl rsa -check -in /usr/local/kafka/cert/key.pem
140067303110544:error:0607907F:digital envelope routines:EVP_PKEY_get1_RSA:expecting an rsa key:p_lib.c:287:
what did I miss? thanks.
in my site,i use ssl to connect kafka cluster eg: security.protocol=SSL ssl.truststore.location=/kafka-ssl-client/client_java_client.truststore.jks ssl.keystore.location=/client_java_client.keystore.jks ssl.truststore.password=test ssl.keystore.password=test ssl.key.password=test how can i use kafka_exporter to connect success?