Steps to generate client certificates to connect to Kafka
Pre-requisites:
- ca-cert, kafka.client.keystore.jks file should be generate at Journey side and use the same ca-cert & kafka.client.keystore.jks file while generating client_key.pem & client_cert.pem file for configuring Kafka at Campaign side.
- Path to openssl executable must be set in environment variable.
- Path to keytool executable must be set in environment variable. This you can find in java path.
- On Cosole path to openssl config ie. openssl.cnf file MUST be set before going through following steps:
Steps to generate Campaign side kafka certificates:
- Generate client_cert.pem file using following command:Note: unica*03 - This must match with the password value used whie generating 'kafka.client.keystore.jks' file.
#> keytool -noprompt -keystore kafka.client.keystore.jks -exportcert -alias localhost -rfc -storepass unica*03 -file client_cert.pem
- Generate client_key.pem file using following command:Note: unica*03 - This must match with the password value used whie generating 'kafka.client.keystore.jks' file.
#> keytool -noprompt -srckeystore kafka.client.keystore.jks -importkeystore -srcalias localhost -destkeystore cert_and_key.p12 -deststoretype PKCS12 -srcstorepass unica*03 -storepass unica*03
#> openssl pkcs12 -in cert_and_key.p12 -nocerts -nodes -passin pass:unica*03 -out client_key.pem