kafka添加ssl认证

主要是生成证书:

请先安装java和openssl.

生成证书脚本ca.sh:

#!/bin/bash
#Step 1
keytool -keystore /var/soft/ca/server.keystore.jks -alias localhost -validity 365 -genkey
#Step 2
openssl req -new -x509 -keyout ca-key -out ca-cert -days 365
keytool -keystore /var/soft/ca/server.truststore.jks -alias CARoot -import -file ca-cert
keytool -keystore /var/soft/ca/client.truststore.jks -alias CARoot -import -file ca-cert
#Step 3
keytool -keystore /var/soft/ca/server.keystore.jks -alias localhost -certreq -file cert-file
openssl x509 -req -CA ca-cert -CAkey ca-key -in cert-file -out cert-signed -days 365 -CAcreateserial -passin pass:123456
keytool -keystore /var/soft/ca/server.keystore.jks -alias CARoot -import -file ca-cert
keytool -keystore /var/soft/ca/server.keystore.jks -alias localhost -import -file cert-signed



这里强调下，在执行脚本过程中会让你输入你的first,lastname,这里应该填你的域名:比如localhost或者xx.com

脚本执行完成了之后，先启动zookeeper.然后修改kafka配置文件，我的配置文件如下 :

# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements.  See the NOTICE file distributed with
# this work for additional information regarding copyright ownership.
# The ASF licenses this file to You under the Apache License, Version 2.0
# (the "License"); you may not use this file except in compliance with
# the License.  You may obtain a copy of the License at
#
#    http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# see kafka.server.KafkaConfig for additional details and defaults

############################# Server Basics #############################
#主要是修改的下面部分:记住，SSL后面不应该是ip.而是你刚设置的域名。比如这里是localhost
# The id of the broker. This must be set to a