How to mimic Heroku Kafka certificates? - heroku

I'm trying to reproduce Heroku Kafka setup in a Docker environment.
Following the Apache Kafka setup, I can create a cluster of 3 Kafka instances that works great.
I followed the instructions on http://kafka.apache.org/documentation.html#security_ssl to enable SSL for that cluster, and it seems to work OK with the generated JKS (the cluster starts without error).
Now I have a problem extracting the client certificate, client certificate key, and Kafka trusted certificate in PEM format as they appear on the Heroku platform (see https://devcenter.heroku.com/articles/kafka-on-heroku#connecting-to-a-kafka-cluster for the description).
It seems to be a keytool/openssl usage question; I hope you can help. Thank you.
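
One way to get the three PEM files the question asks for, as an added example that is not part of the original post. It assumes the client JKS holds the client key, its signed certificate and the CA certificate; the file names and the `P12_PASS` variable are choices made here.

```shell
#!/bin/sh
# Added example; output file names and the P12_PASS variable are choices made here.
# Step 0, run where the JDK is installed (keystore file names are assumptions):
#   keytool -importkeystore -srckeystore kafka.client.keystore.jks \
#           -destkeystore client.p12 -deststoretype PKCS12

# openssl pkcs12 prints "Bag Attributes" text around each entry; keep PEM only.
pem_only() { sed -n '/^-----BEGIN/,/^-----END/p'; }

# p12_to_pem <file.p12> <outdir>
# The store password is read from the exported $P12_PASS, not from argv,
# so it does not show up in the process list.
p12_to_pem() {
    p12=$1; out=$2
    mkdir -p "$out" || return 1
    # Client certificate: the certificate paired with the private key.
    openssl pkcs12 -in "$p12" -passin env:P12_PASS -clcerts -nokeys \
        | pem_only > "$out/client_cert.pem"
    # Trusted certificate: the remaining (CA) certificates in the store.
    openssl pkcs12 -in "$p12" -passin env:P12_PASS -cacerts -nokeys \
        | pem_only > "$out/trusted_cert.pem"
    # Client key, unencrypted on disk, so create it owner-readable only.
    ( umask 077
      openssl pkcs12 -in "$p12" -passin env:P12_PASS -nocerts -nodes \
        | pem_only > "$out/client_cert_key.pem" )
    [ -s "$out/client_cert.pem" ] && [ -s "$out/trusted_cert.pem" ] &&
        [ -s "$out/client_cert_key.pem" ]
}

# pem_set_ok <outdir>: the key must match the certificate, and the
# certificate must verify against the extracted CA.
pem_set_ok() {
    cert_pub=$(openssl x509 -in "$1/client_cert.pem" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$1/client_cert_key.pem" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ] || return 1
    openssl verify -CAfile "$1/trusted_cert.pem" "$1/client_cert.pem" >/dev/null
}
```

Run `export P12_PASS=...; p12_to_pem client.p12 out && pem_set_ok out` after the keytool step; a non-zero status means an entry was missing or the key and certificate do not belong together.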

Related

Google Maps API not working on Kubernetes deployment

Laravel application deployed on Kubernetes and making requests to https://maps.google.com/maps/api/geocode/json failing with:
SSL routines:tls_process_server_certificate:certificate verify failed
The same application works when running on Docker.
I have appended Google's Root CA certs from here https://developers.google.com/maps/root-ca-faq#what_is_happening to the server's trust store but no luck there either.
I can disable verification but that's not the correct approach.
Any ideas would be much appreciated.
Thanks.
According to the OP, the solution was:
The issue was that our security team scans external certificates and
re-packages them with the company's own cert. Once I added the
company's cert to the trust store, everything worked fine. It seems
it's only an internal issue.

Configuring SSL on Nifi 1.9 Single Node setup

Could you please help me set up SSL on the NiFi application?
To explain the steps taken so far:
I have used the following link instructions to use the CA-signed certs provided to us (this includes root, intermediate and server cert). I have successfully configured NiFi to run on SSL on the server end, but I am not getting the steps to create a client cert so that we can log in to NiFi using the client cert.
Help in this regard will be highly appreciated.
You'll need to generate a Certificate Signing Request (CSR) or request from your security/IT team who provided the CA-signed server certs that they provide a client certificate (and private key) signed by the same intermediate or root CA. You could also generate your own client certificate signed by a self-signed CA and put the public certificate of that CA in the NiFi truststore. More documentation around this process can be found in the NiFi Toolkit Guide.

How can I enable SSL for Gravitee API Gateway

I was able to configure Gravitee API Gateway, Management and UI successfully, and I successfully created sample APIs which were tested in Postman. Now I need to enable SSL for all three Gravitee services running on ports Management-UI - 8000, API-gateway - 8092 and Management - 8093. Can someone help me configure a wildcard domain certificate for all of these services?
This is the only official documentation which I see about SSL configuration for Gravitee:
https://docs.gravitee.io/am/2.x/am_installguide_configuration.html
Any help is much appreciated, I have certificates in PKCS12/PEM formats.
FYI, DNS mapping is configured for the server.
I eventually figured it out. The solution was to generate a keystore and truststore for my domain certificate and then add the certificate to the gravitee.yml configuration file for both gateway and management-api. Update the paths in the management UI constant.json file and restart the services.
Hope this helps someone.

Connecting to kafka restproxy (confluent) on HTTP

I'm currently working on a project that requires connecting to Oracle Event Hub, which is Oracle's version of Kafka. The systems contacting the REST proxy wouldn't accept the self-signed certificate, hence I'm trying to do either:
1- turn off HTTPS and allow for HTTP connections to Kafka
2- import a signed certificate I generated
Unfortunately I can't locate the certificate store, nor do I know how to, or even if it is possible to, have the REST proxy run on HTTP.
The solution was simpler than I thought: obviously the Oracle Event Hub rest-proxy uses nginx for service exposure. After a few modifications to the configuration file I was able to both remove HTTPS and allow for a certificate that I had issued.

What configuration needs to be done on my Mac 10.8.5 to act as an SSL-enabled LDAP client for an OpenLDAP server

I configured my OpenLDAP 2.4 on CentOS, and I have a Mac client for it. Now I want to enable SSL for a secured LDAP connection. I generated a self-certified certificate and configured my LDAP. I followed this document: http://easylinuxtutorials.blogspot.in/2013/11/installing-configuring-openldap-server.html. But in it the client is CentOS; my problem is how to configure a Mac client. In some Google searches I found that just enabling the SSL option in LDAPv3 of Directory server will do the job for us. But it didn't help me. Please help me with any missed configuration.
I solved it myself.
Firstly, we should edit the ldap.conf file, which is in the path /etc/openldap/ldap.conf on the client.
We should add the line
TLS_REQCERT never
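
With `TLS_REQCERT never` the OpenLDAP client does not request or check the server certificate. An added example, not part of the original post, that audits a client ldap.conf for that setting and writes the weak file beside one that verifies the server; the sample files are constructed and the host name and CA path are assumptions.

```shell
#!/bin/sh
# Added example; the sample files are constructed, host and paths are assumptions.

# write_samples <dir>: the setting from the post beside a verifying setup.
write_samples() {
    printf '%s\n' '# constructed: as in the post' \
        'URI ldaps://ldap.example.com' \
        'TLS_REQCERT never' > "$1/ldap.conf.weak"
    printf '%s\n' '# constructed: verify against the CA that signed the server cert' \
        'URI ldaps://ldap.example.com' \
        'TLS_CACERT /etc/openldap/certs/ca.pem' \
        'TLS_REQCERT demand' > "$1/ldap.conf.verified"
}

# audit_ldap_conf <file>: prints findings, returns non-zero if there are any.
# Option names in ldap.conf are case-insensitive, hence toupper().
audit_ldap_conf() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }            # comments and blank lines
        { key = toupper($1); val = tolower($2) }
        key == "TLS_REQCERT" && (val == "never" || val == "allow") {
            printf "line %d: TLS_REQCERT %s accepts an unverified server certificate\n", NR, val
            bad = 1
        }
        key == "TLS_CACERT" || key == "TLS_CACERTDIR" { have_ca = 1 }
        END {
            if (!have_ca) {
                print "no TLS_CACERT or TLS_CACERTDIR in this file"
                bad = 1
            }
            exit bad + 0
        }' "$1"
}
```

For a self-signed server certificate, the file referenced by `TLS_CACERT` is a copy of that certificate (or of the CA that signed it) placed on the client.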
