Forum Discussion

JensDeveloper's avatar
JensDeveloper
Contributor II
3 years ago
Solved

Kafka SSL account validation to confluent cloud

Hi,

So I am trying to connect to my env in the confluent cloud using the kafka ssl account configuration.
After doing everything step by step creating the keystore and truststore file and also creating api key secret in confluent cloud and also the right passwords for the trust/keystore files.
https://docs-snaplogic.atlassian.net/wiki/spaces/SD/pages/1802240621/Kafka+SSL+Account

My questions has anyone had a use case that needed to configure kafka ssl acount?
My configurations:

Regards

Jens

accounts
confluent_kafka
  • ptaylor's avatar
    ptaylor
    3 years ago

    Jens,

    I just verified that our instructions work as described for Confluent Cloud accounts:

    What do you mean that “it works with the REST API endpoint”? Our Kafka snaps do not work with the Confluent REST Proxy, which is a low-performance HTTP protocol adapter layer relative to the high-performance binary protocol used by the Kafka brokers. Our account requires the host:port value shown as the Bootstrap server in the Confluent Cloud Cluster settings:

    Your account screenshot is showing several things misconfigured:

    • No keystore or truststore file is required.
    • The Security Protocol must be SASL_SSL, not SASL_PLAINTEXT.
    • The SASL Mechanism must be PLAIN (you have this part correct).
    • The SASL Username or Key and SASL Password or Key must be set to the Key and Secret values obtained when creating the API key in Confluent Kafka. No re-encoding of anything is necessary.

4 Replies

  • ptaylor's avatar
    ptaylor
    Employee
    3 years ago

    Hi Jens,

    Take a closer look at that doc page and under SASL Username or Key you’ll find instructions specific to configuring an account for Confluent Cloud. Note that you don’t need a keystore or truststore file for this use case.

    Patrick

    • JensDeveloper's avatar
      JensDeveloper
      Contributor II
      3 years ago

      Hi @ptaylor,
      Thank you for your input, unfortunately ,
      I already tried this with only the api key and secret but that doesn’t work, also all possible mechanisms and both encrypted as base64 code. Because it works with the REST API endpoint but not with the ssl account and bootstrap server endpoint.

      Regards

      Jens

      • ptaylor's avatar
        ptaylor
        Employee
        3 years ago

        Jens,

        I just verified that our instructions work as described for Confluent Cloud accounts:

        What do you mean that “it works with the REST API endpoint”? Our Kafka snaps do not work with the Confluent REST Proxy, which is a low-performance HTTP protocol adapter layer relative to the high-performance binary protocol used by the Kafka brokers. Our account requires the host:port value shown as the Bootstrap server in the Confluent Cloud Cluster settings:

        Your account screenshot is showing several things misconfigured:

        • No keystore or truststore file is required.
        • The Security Protocol must be SASL_SSL, not SASL_PLAINTEXT.
        • The SASL Mechanism must be PLAIN (you have this part correct).
        • The SASL Username or Key and SASL Password or Key must be set to the Key and Secret values obtained when creating the API key in Confluent Kafka. No re-encoding of anything is necessary.