Where Do You Download the PEM Certificate in IBM Cloud

[jried31]

I'm trying to connect to IBM Cloud Event Streams using Node.JS. The example code uses the path to a PEM Certificate. However, I cannot find the link to download the PEM certificate for my Event Streams instance. I do see where I can use the API key and username/password combination.

Next, I attempted to use the parameters as per the example on IBM cloud (without any PEM Certificate) and the code errors with no error message. Could you please assist?

Constructor parameters: var producer = new Kafka.Producer({ 'broker.version.fallback': '0.10.0', 'bootstrap.servers': targetServers, 'security.protocol': 'SASL_SSL', 'log.connection.close' : false, 'ssl.protocol': 'TLSv1.2', 'sasl.mechanism': 'PLAIN', 'sasl.username': username, 'sasl.password': apiKey, 'client.id': 'testme' });

I also attempted to use the constructor here as per your example. Both failed: producer = new Kafka.Producer(producer_opts, topicOpts);

It seems as though that there is no way to download a certificate on IBM Cloud's Event Streams.

[mataralhawiti]

I'm facing the same issue as well.

[jried31]

I pivoted my approach since no solution has been provided yet. I used the Kafka REST API's provided by Event Stream in NodeJS. The endpoint is POST --- /topics/' + topicName + '/records

It's an authenticated endpoint so follow the instructions to add your credentials to the header. This is what happens under the covers anyway, so it's the most direct approach.

Although, it would greatly help if someone could provide assistance so that I could use the Kafka libraries. :)

[mimaison]

Hi @jried31 and @mataralhawiti

Our certificates are signed by a trusted CA so the built-in certificates in most operating systems should be all you need.

We've listed the default locations of certificates for common operating systems in https://github.com/ibm-messaging/event-streams-samples/blob/master/kafka-nodejs-console-sample/docs/Local.md#running-the-sample

[jried31]

How would the certificate apply to using IBM Event Streams Cloud Service? Itd used as an example there.

IBM cloud doesnt allow you to download any certificate and how can i pin any of my personal certificates if i cannot upload a certificate when a credential is created?

I guess i dont understand the process that you took to create a credential where one can piggyback a certificate vs basic user/password auth.

[mimaison]

To connect to Event Streams on Cloud, you need both the user/apikey and CA certificate.

If you're getting started, I recommend running our docker image locally or in IBM Kubernetes Service to see how it works

[jried31]

I used the HTTPS library in Node.js to use kafka's REST api as an interim approach. I would presume that library automatically references the CA location so it does not need to be specified (where you manually specify it).

I understand in Ubuntu there is a directory where all the parent CA certificates are placed. Am I correct that you are simply telling the program where to find those CA's so that the program can execute?

[mimaison]

Your initial question was about the Kafka client, hence why I'm explaining how to provide certificates.

If you're using the REST API you should not have to worry about certificates. You just need to pass your apikey using the Authorization header, see https://cloud.ibm.com/docs/EventStreams?topic=EventStreams-rest_producer_using#rest_produce_messages

[mimaison]

Did that answer your question? Can we close this issue?

[jried31]

Yes

On Fri, Mar 19, 2021, 3:03 AM Mickael Maison @.***> wrote:

Did that answer your question? Can we close this issue?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/ibm-messaging/event-streams-samples/issues/73#issuecomment-802706936, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAC3BO2VQQDMVYAL3AFG553TEMOO7ANCNFSM4YJGMIRA .