cancel
Showing results for 
Search instead for 
Did you mean: 

Kafka SSL account validation to confluent cloud

JensDeveloper
Contributor II

Hi,

So I am trying to connect to my env in the confluent cloud using the kafka ssl account configuration.
After doing everything step by step creating the keystore and truststore file and also creating api key secret in confluent cloud and also the right passwords for the trust/keystore files.
https://docs-snaplogic.atlassian.net/wiki/spaces/SD/pages/1802240621/Kafka+SSL+Account

My questions has anyone had a use case that needed to configure kafka ssl acount?
My configurations:
image

Regards

Jens

1 ACCEPTED SOLUTION

Jens,

I just verified that our instructions work as described for Confluent Cloud accounts:
image

What do you mean that “it works with the REST API endpoint”? Our Kafka snaps do not work with the Confluent REST Proxy, which is a low-performance HTTP protocol adapter layer relative to the high-performance binary protocol used by the Kafka brokers. Our account requires the host:port value shown as the Bootstrap server in the Confluent Cloud Cluster settings:
image

Your account screenshot is showing several things misconfigured:

  • No keystore or truststore file is required.
  • The Security Protocol must be SASL_SSL, not SASL_PLAINTEXT.
  • The SASL Mechanism must be PLAIN (you have this part correct).
  • The SASL Username or Key and SASL Password or Key must be set to the Key and Secret values obtained when creating the API key in Confluent Kafka. No re-encoding of anything is necessary.
    image

View solution in original post

4 REPLIES 4

ptaylor
Employee
Employee

Hi Jens,

Take a closer look at that doc page and under SASL Username or Key you’ll find instructions specific to configuring an account for Confluent Cloud. Note that you don’t need a keystore or truststore file for this use case.

Patrick

Hi @ptaylor,
Thank you for your input, unfortunately ,
I already tried this with only the api key and secret but that doesn’t work, also all possible mechanisms and both encrypted as base64 code. Because it works with the REST API endpoint but not with the ssl account and bootstrap server endpoint.

Regards

Jens

Jens,

I just verified that our instructions work as described for Confluent Cloud accounts:
image

What do you mean that “it works with the REST API endpoint”? Our Kafka snaps do not work with the Confluent REST Proxy, which is a low-performance HTTP protocol adapter layer relative to the high-performance binary protocol used by the Kafka brokers. Our account requires the host:port value shown as the Bootstrap server in the Confluent Cloud Cluster settings:
image

Your account screenshot is showing several things misconfigured:

  • No keystore or truststore file is required.
  • The Security Protocol must be SASL_SSL, not SASL_PLAINTEXT.
  • The SASL Mechanism must be PLAIN (you have this part correct).
  • The SASL Username or Key and SASL Password or Key must be set to the Key and Secret values obtained when creating the API key in Confluent Kafka. No re-encoding of anything is necessary.
    image

Hi @ptaylor ,

First, sorry for my explanation, I forgot to mention I also tested it with a rest post snap for the rest api endpoint.

For the configuration, then it seems that is has to be on our snaplex side to connect to confluent I suppose, because with implementing the configuration like you showed it still gets a timeout connection. But now I can investigate further.

Thank you for your time.

Regards

Jens