SSL Certificate in Kafka Consumer in asp.net

0
votes

I am making consumer in Asp.Net using Confluent Kafka. Confluent kafka downloaded from Nuget package.

I want to connect with remote server where kafka is deployed using SSL certificate.

I am using config for connection:

var configSSL = new ConsumerConfig {
 GroupId = groupID,
  BootstrapServers = serverUrl,
  SslCaLocation = "Config/testcert.p12",
  SecurityProtocol = SecurityProtocol.Ssl,
  AutoOffsetReset = AutoOffsetReset.Earliest,
  Debug = "all",
};

I am not able to connect kafka server using SSL certificate and I am getting error:

Error occurred: ssl.ca.location failed: No error

3
c#asp.netapache-kafkaconfluent-platform

3 Answers

1
votes

You should try to follow the example in here to configure SSL correctly. It is written by the main confluent-kafka-dotnet contributor. But just by looking at your configuration I'd say you should try to use the full path for SslCaLocation.

0
votes

You have to add a ca certificate and your certificates private key to connect with ssl to Apache Kafka in .NET.

var mutualAuthConfig = new Dictionary<string, object> 
{ 
    { "BootstrapServers", "{server_hostname}:9093" },
    { "SecurityProtocol", "SSL" },
    { "SslCaLocation", "your_ca_cert_path" },
    { "SslCertificateLocation", "your_cert_path" },
    { "SslKeyLocation", "your_key_file" },
};

The reason is that you issue your certificates via OpenSSL. For example, OpenSSL generates a file with the extension .pem and represents only a certificate. In the Java world, you can use a Java keystore that gives you a certificate that consists of a certificate and a private key.

You can view configuration examples here: https://github.com/mhowlett/confluent-kafka-dotnet/tree/security/examples/Security

This configuration should do the trick :)

0
votes

Just double-click the testcert.p12 file to install it on your machine. You needn't set up SslCaLocation.