Forum Discussion

JensDeveloper's avatar
JensDeveloper
Contributor II
3 years ago
Solved

Kafka SSL account validation to confluent cloud

Hi, So I am trying to connect to my env in the confluent cloud using the kafka ssl account configuration. After doing everything step by step creating the keystore and truststore file and also cr...
accounts
confluent_kafka
  • ptaylor's avatar
    ptaylor
    3 years ago

    Jens,

    I just verified that our instructions work as described for Confluent Cloud accounts:

    What do you mean that “it works with the REST API endpoint”? Our Kafka snaps do not work with the Confluent REST Proxy, which is a low-performance HTTP protocol adapter layer relative to the high-performance binary protocol used by the Kafka brokers. Our account requires the host:port value shown as the Bootstrap server in the Confluent Cloud Cluster settings:

    Your account screenshot is showing several things misconfigured:

    • No keystore or truststore file is required.
    • The Security Protocol must be SASL_SSL, not SASL_PLAINTEXT.
    • The SASL Mechanism must be PLAIN (you have this part correct).
    • The SASL Username or Key and SASL Password or Key must be set to the Key and Secret values obtained when creating the API key in Confluent Kafka. No re-encoding of anything is necessary.
ptaylor's avatar
ptaylor
Employee
3 years ago

Hi Jens,

Take a closer look at that doc page and under SASL Username or Key you’ll find instructions specific to configuring an account for Confluent Cloud. Note that you don’t need a keystore or truststore file for this use case.

Patrick

JensDeveloper's avatar
JensDeveloper
Contributor II
3 years ago

Hi @ptaylor,
Thank you for your input, unfortunately ,
I already tried this with only the api key and secret but that doesn’t work, also all possible mechanisms and both encrypted as base64 code. Because it works with the REST API endpoint but not with the ssl account and bootstrap server endpoint.

Regards

Jens

  • ptaylor's avatar
    ptaylor
    Employee
    3 years ago

    Jens,

    I just verified that our instructions work as described for Confluent Cloud accounts:

    What do you mean that “it works with the REST API endpoint”? Our Kafka snaps do not work with the Confluent REST Proxy, which is a low-performance HTTP protocol adapter layer relative to the high-performance binary protocol used by the Kafka brokers. Our account requires the host:port value shown as the Bootstrap server in the Confluent Cloud Cluster settings:

    Your account screenshot is showing several things misconfigured:

    • No keystore or truststore file is required.
    • The Security Protocol must be SASL_SSL, not SASL_PLAINTEXT.
    • The SASL Mechanism must be PLAIN (you have this part correct).
    • The SASL Username or Key and SASL Password or Key must be set to the Key and Secret values obtained when creating the API key in Confluent Kafka. No re-encoding of anything is necessary.
    • JensDeveloper's avatar
      JensDeveloper
      Contributor II
      3 years ago

      Hi @ptaylor ,

      First, sorry for my explanation, I forgot to mention I also tested it with a rest post snap for the rest api endpoint.

      For the configuration, then it seems that is has to be on our snaplex side to connect to confluent I suppose, because with implementing the configuration like you showed it still gets a timeout connection. But now I can investigate further.

      Thank you for your time.

      Regards

      Jens