Kafka Connector > Kafka connections > Configuring one-way SSL authentication for Confluent schema registry in a mapping
  

Configuring one-way SSL authentication for Confluent schema registry in a mapping

You can configure SSL authentication to establish one-way secure communication with Confluent schema registry.

Import the Confluent schema registry truststore certificate

Import the Confluent schema registry truststore certificate and ensure that the certificates are in the .jks format.
  1. 1Download the latest .jks truststore file from the secured Kafka broker associated with a secured schema registry.
  2. 2Extract the certificate from the .jks truststore file in PEM format.
    3. The certificate is exported in .cer format.
  3. 3When prompted, specify the password for the truststore file.
  4. 4Import the .cer certificate into the cacerts file in the following location:
    5. <Secure agent installation directory>\jdk\jre\lib\security
  5. 5When prompted, specify the password for the cacerts file.
  6. 6If there is a jdk folder within the <Secure agent installation directory>\apps folder, navigate to the following folder and import the .cer certificate into the cacerts file:
    7. <Secure agent installation directory>\apps\jdk\<latest Zulu version>\jre\lib\security
  7. 7After you import the cacerts file, verify the entry of the .cer certificate.
  8. 8Restart the Secure Agent.

Configure the Kafka connection

Configure the Kafka connection to enable one-way SSL authentication with the Confluent schema registry:
  1. 1In Administrator, select Connections.
  2. 2Select a Kafka connection for which you want to configure one-way SSL authentication with the Confluent schema registry.
  3. 3Click Edit.
  4. 4In the Kafka connection properties, select the SSL Mode as One-way.
  5. 5Specify the SSL TrustStore File Path and the SSL TrustStore Password.
  6. 6Click Save to save the connection.

Configure the Secure Agent

Configure the JVM Options and INFA_DEBUG property for the Secure Agent to configure one-way SSL authentication with the Confluent schema registry and to successfully import the Avro metadata from the Confluent schema registry.
To configure the Secure Agent and successfully import the Avro metadata, perform the following steps:
  1. 1In Administrator, select Runtime Environments.
  2. 2Select the Secure Agent for which you want to configure from the list of available Secure Agents.
  3. 3In the upper-right corner, click Edit.
  4. 4In the System Configuration Details section, select the Type as DTM for the Data Integration Service.
  5. 5Edit the following JVM options and add the following values:
    6. Property
    Value
    JVMOption3
    -Dsr.sslTruststoreFilePath=<schema registry truststore certificate file path>/schema_registry.truststore.jks
    JVMOption4
    -Dsr.sslTruststorePassword=<password for the schema registry truststore certificate>
  6. 6Select the Type as Platform for the Data Integration Service.
  7. 7Edit the INFA_DEBUG property and add the following space separated values:
    8. -Dsr.sslTruststoreFilePath=<schema registry truststore certificate file path>/schema_registry.truststore.jks -Dsr.sslTruststorePassword=<password for the schema registry truststore certificate>
  8. 8Click Save.
  9. 9Restart the Secure Agent.