Configuring TLS/SSL for Kafka (Navigator Event Broker)

To enable TLS/SSL encryption between Navigator Audit Server and Kafka for publishing audit events to Kafka:
  1. Log in to the Cloudera Manager Admin Console.
  2. Select Clusters > Kafka.
  3. Click the Configuration tab.
  4. Select Kafka Broker for the Scope filter.
  5. Select Security for the Category filter.
  6. Enter the following properties according to your cluster configuration.
    Property Description
    Enable TLS/SSL for Kafka Broker Select the checkbox to enable TLS/SSL for encrypted communication between clients and the Kafka Broker service.
    Kafka Broker TLS/SSL Certificate Trust Store File Enter the path (location on disk) to the JKS truststore. Leave this field empty to have the list of well-known CAs checked to provide a chain of proof for the Navigator Audit Server.
    Kafka Broker TLS/SSL Certificate Trust Store Password The truststore does not need password protection. Its contents are public certificates already included in the default Java truststore.
  7. Click Save Changes.
  8. Restart the Kafka service.