Configuring TLS/SSL for Kafka (Navigator Event Broker)
Use the following steps to enable encryption when publishing Cloudera Navigator Audit events to Kafka:
- Open the Cloudera Manager Admin Console and go to the Kafka service.
- Click the Configuration tab.
- Select .
- Select .
- Edit the following properties according to your cluster configuration.
Property Description Enable TLS/SSL for Kafka Broker Encrypt communication between clients and Kafka Broker using Transport Layer Security (TLS) (formerly known as Secure Socket Layer (SSL)). Kafka Broker TLS/SSL Certificate Trust Store File The location on disk of the truststore, in .jks format. This is used to confirm the authenticity of TLS/SSL servers that the Kafka Broker might connect to as a client. If this field is left empty, by default, a list of well-known certificate authorities is used to check the Navigator Audit Server's identity. Kafka Broker TLS/SSL Certificate Trust Store Password The password for the Kafka Broker TLS/SSL Certificate Trust Store File. This field can be left blank. A password only provides optional integrity checking for the truststore file. Contents of truststores are certificates, and certificates are already public information. - Click Save Changes to commit the changes.
- Restart the Kafka service.