Configuring TLS/SSL for Kafka (Navigator Event Broker)

Use the following steps to enable encryption when publishing Cloudera Navigator Audit events to Kafka:
  1. Open the Cloudera Manager Admin Console and go to the Kafka service.
  2. Click the Configuration tab.
  3. Select Scope > Kafka Broker.
  4. Select Category > Security.
  5. Edit the following properties according to your cluster configuration.
    Property: Enable TLS/SSL for Kafka Broker
      Description: Encrypt communication between clients and the Kafka Broker using Transport Layer Security (TLS), formerly known as Secure Sockets Layer (SSL).
    Property: Kafka Broker TLS/SSL Certificate Trust Store File
      Description: The location on disk of the truststore, in .jks format. This is used to confirm the authenticity of TLS/SSL servers that the Kafka Broker might connect to as a client. If this field is left empty, a list of well-known certificate authorities is used by default to check the Navigator Audit Server's identity.
    Property: Kafka Broker TLS/SSL Certificate Trust Store Password
      Description: The password for the Kafka Broker TLS/SSL Certificate Trust Store File. This field can be left blank. A password only provides optional integrity checking for the truststore file. The contents of a truststore are certificates, and certificates are already public information.
  6. Click Save Changes to commit the changes.
  7. Restart the Kafka service.
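
The truststore password description in step 5 can be seen in the .jks file layout itself. The following is an added example, not Cloudera code: it builds a small JKS truststore in memory, lists its aliases without any password, and then uses the password only to check the trailing integrity digest. The function names, the alias navigator-ca, the password changeit and the placeholder certificate bytes are assumptions made for illustration.

```python
import hashlib
import struct

MAGIC, VERSION, TRUSTED_CERT = 0xFEEDFEED, 2, 2  # tag 2 = trusted-certificate entry
WHITENER = b"Mighty Aphrodite"  # fixed string mixed into the JKS integrity hash


def _utf(text):  # Java writeUTF for ASCII: 2-byte length, then the bytes
    return struct.pack(">H", len(text)) + text.encode("ascii")


def jks_digest(password, body):
    # SHA-1 over the UTF-16BE password, the whitener, then the store body.
    return hashlib.sha1(password.encode("utf-16-be") + WHITENER + body).digest()


def build_truststore(certs, password):
    body = struct.pack(">III", MAGIC, VERSION, len(certs))
    for alias, der in certs.items():
        body += struct.pack(">I", TRUSTED_CERT) + _utf(alias) + struct.pack(">q", 0)
        body += _utf("X.509") + struct.pack(">I", len(der)) + der
    return body + jks_digest(password, body)


def list_aliases(store):
    # No password needed: entries in a truststore are stored unencrypted.
    magic, version, count = struct.unpack_from(">III", store, 0)
    if magic != MAGIC or version != VERSION:
        raise ValueError("not a JKS version 2 keystore")
    pos, aliases = 12, []
    for _ in range(count):
        tag, alen = struct.unpack_from(">IH", store, pos)
        if tag != TRUSTED_CERT:
            raise ValueError("only trusted-certificate entries are handled")
        aliases.append(store[pos + 6:pos + 6 + alen].decode("ascii"))
        pos += 6 + alen + 8  # skip tag, alias and 8-byte timestamp
        (tlen,) = struct.unpack_from(">H", store, pos)
        (clen,) = struct.unpack_from(">I", store, pos + 2 + tlen)
        pos += 2 + tlen + 4 + clen  # skip cert type, length field, DER bytes
    return aliases


def integrity_ok(store, password):
    # The password's only role: recompute the trailing 20-byte digest.
    return jks_digest(password, store[:-20]) == store[-20:]


# Constructed sample: placeholder bytes stand in for a DER-encoded CA certificate.
SAMPLE = build_truststore({"navigator-ca": b"\x30\x03\x02\x01\x01"}, "changeit")
```

A store whose bytes were altered still lists its aliases; only the digest check with the password detects the change, which is the check that is skipped when the password field is left blank.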