Kafka Module SSL configuration

Module Development
1

@Kevin.Herron we’ve been asked to switch an original kafka consumer over from non-ssl to SSL and the function for SSL in this library aren’t working for me but I think I know why, I just would like some confirmation.

In the function below, I can see that the file “ssl” exists on the VM:

private static Properties getSSLProps(Properties props)
.......
props.put(SslConfigs.SSL_KEYSTORE_LOCATION_CONFIG,homePath+String.format("%swebserver%sssl.key",sep,sep,sep));

image

However, for the following file, the name seems wrong (“cert-chain-store” instead of “truststore”)

 // Truststore settings
String truststorePath = homePath+String.format("%sdata%scertificates%struststore.jks",sep,sep,sep);

image

Then when looking at the log, I can see that the trust store location null

image
image1117×182 45.6 KB

So it seems to me that what I should be doing is changing truststore.jks to cert_chain_store.jks.

Does that seem correct or am I missing something?

Thanks,

Nick

2

Sorry, I realized this is something I need to manually generate from our existing SSL certificate. Sorry for the bother.

Nick

3

Documenting this here for myself and in case it can help someone else. I needed to make these changes in order to get the SSL config to work for Kafka:

  1. From my cert provider, I downloaded a truststore and manually put it in the following (truststore.jks):

C:\Program Files\Inductive Automation\Ignition\data\certificates

  1. The extension on the "SSL file for the keystore was “.key” but the actual file extension needed to be “.pfx”

  2. The password for the truststore was not allowed by our cert provider so I had to make a more complex one to meet the rules

  3. Rebuild the module with all those changes

After that all the errors and red text went away.

Cheers,

Nick

4

Glad you got it figured out. Definitely reach out on GitHub as I don’t usually check the forums for the module issues!