0

I am using confluent kafka library for .net which is built on top of librdkafka. As per documentation over here : https://github.com/edenhill/librdkafka/blob/master/INTRODUCTION.md#ssl If ssl.ca.location is not set it will probe default paths. When I do not set it explicitly uses "/etc/ssl/certs/ca-certificates.crt" and works fine.

Now for my validation purpose I removed all other certificates from /etc/ssl/certs and placed a new file (say "kafka_root_ca.pem") in /etc/ssl/certs. As per documentation without explicit ssl.ca.location set it should auto probe certificate in path "/etc/ssl/certs" but it doesn't. Even tried setting ssl.ca.location = 'probe' (as per confluent library suggestion) but still it doesn't pick from above folder. Only when I set absolute path "/etc/ssl/certs/kafka_root_ca.pem" it works.

Am i missing something, because based on above documentation it should pick from /etc/ssl/certs foler automatically if not set.

Vikash Mishra
  • 123
  • 2
  • 10

1 Answers1

0

I had similar issues:

At least with Ubuntu rdlibkafka i.e. openssl is expecting the file ca-certificates.crt with all certificates concatenated into it (binary format), which is done automatically by linux, see https://manpages.ubuntu.com/manpages/xenial/man8/update-ca-certificates.8.html . However if you specify ssl.ca.location with the full file path to the expected CA certificate, then I was able to use a single PEM certificate. (in then any directory)

Superlokkus
  • 4,731
  • 1
  • 25
  • 57