This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forย 
Search instead forย 
Did you mean:ย 

Kafka SSL account validation to confluent cloud

Go to solution
JensDeveloper
Contributor II

โ€Ž05-31-2023 06:56 AM

Hi,

So I am trying to connect to my env in the confluent cloud using the kafka ssl account configuration.
After doing everything step by step creating the keystore and truststore file and also creating api key secret in confluent cloud and also the right passwords for the trust/keystore files.
https://docs-snaplogic.atlassian.net/wiki/spaces/SD/pages/1802240621/Kafka+SSL+Account

My questions has anyone had a use case that needed to configure kafka ssl acount?
My configurations:
image

Regards

Jens

0 Kudos
1 ACCEPTED SOLUTION

Go to solution
ptaylor
Employee
Employee
In response to JensDeveloper

โ€Ž05-31-2023 11:20 AM

Jens,

I just verified that our instructions work as described for Confluent Cloud accounts:
image

What do you mean that โ€œit works with the REST API endpointโ€? Our Kafka snaps do not work with the Confluent REST Proxy, which is a low-performance HTTP protocol adapter layer relative to the high-performance binary protocol used by the Kafka brokers. Our account requires the host:port value shown as the Bootstrap server in the Confluent Cloud Cluster settings:
image

Your account screenshot is showing several things misconfigured:

  • No keystore or truststore file is required.
  • The Security Protocol must be SASL_SSL, not SASL_PLAINTEXT.
  • The SASL Mechanism must be PLAIN (you have this part correct).
  • The SASL Username or Key and SASL Password or Key must be set to the Key and Secret values obtained when creating the API key in Confluent Kafka. No re-encoding of anything is necessary.
    image

View solution in original post

0 Kudos
4 REPLIES 4

Go to solution
ptaylor
Employee
Employee

โ€Ž05-31-2023 07:56 AM

Hi Jens,

Take a closer look at that doc page and under SASL Username or Key youโ€™ll find instructions specific to configuring an account for Confluent Cloud. Note that you donโ€™t need a keystore or truststore file for this use case.

Patrick

0 Kudos

Go to solution
JensDeveloper
Contributor II
In response to ptaylor

โ€Ž05-31-2023 08:50 AM

Hi @ptaylor,
Thank you for your input, unfortunately ,
I already tried this with only the api key and secret but that doesnโ€™t work, also all possible mechanisms and both encrypted as base64 code. Because it works with the REST API endpoint but not with the ssl account and bootstrap server endpoint.

Regards

Jens

0 Kudos

Go to solution
ptaylor
Employee
Employee
In response to JensDeveloper

โ€Ž05-31-2023 11:20 AM

Jens,

I just verified that our instructions work as described for Confluent Cloud accounts:
image

What do you mean that โ€œit works with the REST API endpointโ€? Our Kafka snaps do not work with the Confluent REST Proxy, which is a low-performance HTTP protocol adapter layer relative to the high-performance binary protocol used by the Kafka brokers. Our account requires the host:port value shown as the Bootstrap server in the Confluent Cloud Cluster settings:
image

Your account screenshot is showing several things misconfigured:

  • No keystore or truststore file is required.
  • The Security Protocol must be SASL_SSL, not SASL_PLAINTEXT.
  • The SASL Mechanism must be PLAIN (you have this part correct).
  • The SASL Username or Key and SASL Password or Key must be set to the Key and Secret values obtained when creating the API key in Confluent Kafka. No re-encoding of anything is necessary.
    image
0 Kudos

Go to solution
JensDeveloper
Contributor II
In response to ptaylor

โ€Ž05-31-2023 12:05 PM

Hi @ptaylor ,

First, sorry for my explanation, I forgot to mention I also tested it with a rest post snap for the rest api endpoint.

For the configuration, then it seems that is has to be on our snaplex side to connect to confluent I suppose, because with implementing the configuration like you showed it still gets a timeout connection. But now I can investigate further.

Thank you for your time.

Regards

Jens