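# Build a private CA and a CA-signed TLS keystore/truststore for a Kafka broker.
# Run these steps in a directory that only the operator can read.
# Passwords are handed to openssl/keytool through the environment (env: / :env)
# so they do not show up in argv, `ps` output or shell history.

# Key material must not be created world-readable. Afterwards, give the Kafka
# service account read access to the .jks files explicitly (chown/chmod).
umask 077

# Prompt for the password instead of hard-coding it in the script.
# keytool rejects store passwords shorter than 6 characters.
read -r -s -p 'Keystore / CA key password: ' SRVPASS && echo
export SRVPASS

# --- Certificate authority -------------------------------------------------
# ca-cert is public; ca-key is private.
# The CA key is encrypted with a passphrase (no -nodes), which is what the
# -passin on the signing step below expects. For anything beyond a lab, give
# the CA key its own passphrase and keep it off the broker host.
openssl req -new -newkey rsa:4096 -days 365 -x509 -subj "/CN=Kafka-Security-CA" -keyout ca-key -out ca-cert -passout env:SRVPASS

# --- Broker key pair and certificate ---------------------------------------
# The broker's SSL listener is on port 9093.
# CN (common name) must be the broker's public DNS name.
# -keyalg is given explicitly: some JDK releases fall back to DSA, or refuse
# to run, when it is omitted.
keytool -genkey -keyalg RSA -keysize 2048 -keystore kafka.server.keystore.jks -validity 365 -storepass:env SRVPASS -keypass:env SRVPASS -dname "CN=yourdomain.com" -storetype pkcs12

# Inspect the new keystore. Without -storepass keytool prompts with
# "Enter keystore password:" instead.
keytool -list -v -keystore kafka.server.keystore.jks -storepass:env SRVPASS

# Create the signing request and sign it with the CA.
keytool -keystore kafka.server.keystore.jks -certreq -file cert-file -storepass:env SRVPASS -keypass:env SRVPASS
openssl x509 -req -CA ca-cert -CAkey ca-key -in cert-file -out cert-signed -days 365 -CAcreateserial -passin env:SRVPASS
keytool -printcert -v -file cert-signed

# Trust the CA in the truststore, then load the chain into the keystore.
# The CA certificate has to be imported before the signed broker certificate
# so keytool can build the chain.
keytool -keystore kafka.server.truststore.jks -alias CARoot -import -file ca-cert -storepass:env SRVPASS -keypass:env SRVPASS -noprompt
keytool -keystore kafka.server.keystore.jks -alias CARoot -import -file ca-cert -storepass:env SRVPASS -keypass:env SRVPASS -noprompt
keytool -keystore kafka.server.keystore.jks -import -file cert-signed -storepass:env SRVPASS -keypass:env SRVPASS -noprompt

# cert-file (the signing request) is no longer needed once everything is built.
rm -f -- cert-file

# Drop the password from this shell's environment.
unset SRVPASS

# Restart the Kafka service.
sudo systemctl restart kafka
# Check the Kafka service status.
sudo systemctl status kafka

# To test the encrypted port as a client from a terminal:
#openssl s_client -connect yourdomain.com:9093 -CAfile ca-cert
# A "CONNECTED......" message should appear. That line only shows the TCP
# connection opened; also check for "Verify return code: 0 (ok)" to confirm
# the broker certificate chains to ca-cert.

# Never distribute: ca-key, kafka.server.keystore.jks
# ca-cert and cert-signed are the files that are distributed publicly to all clients.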