[UBA] Keystore and Truststore used in Cassandra and Kafka
If CASSANDRA_USE_SSL_ENV is true:
CASSANDRA_KEYSTORE_ENV - JKS - string encoded in /etc/default/veridiumid/uba_variables
TRUSTSTORE_ENV - PEM - string encoded in /etc/default/veridiumid/uba_variables
CASSANDRA_KEYSTORE_PASS_ENV - string encoded in /etc/default/veridiumid/uba_variables
Kafka:
Starting with 2.7.6, the KeyStore and TrustStore formats are:
For java services:
KAFKA_PRODUCER_SSL_KEYSTORE_PATH_ENV: KeyStore.jks
KAFKA_PRODUCER_SSL_KEYSTORE_PWD_ENV: <because KeyStore format is jks>
KAFKA_PRODUCER_SSL_TRUSTSTORE_PATH_ENV: TrustStore.pem
For python services:
ssl.ca.location → TrustStore.pem
ssl.keystore.location → KeyStore.jks
ssl.keystore.password → <because KeyStore format is jks>
Before 2.7.6, the configuration was:
For python services:
ssl.ca.location → TrustStore.pem
Use ssl.ca.location to specify the path to your CA certificate (PEM or DER format).
The ssl.ca.location configuration in Kafka cannot directly be a JKS (Java KeyStore) file in Python Kafka clients (such as those using confluent_kafka or kafka-python).
JKS is a keystore format commonly used in Java-based applications. However, Kafka clients in Python typically expect the CA certificates to be in PEM format (text-based format) or, to a lesser extent, DER format (binary).
ssl.keystore.location: Path to the PKCS12 or JKS keystore file.
ssl.keystore.password: The password for accessing the keystore.
For java services:
KAFKA_PRODUCER_SSL_KEYSTORE_PATH_ENV: "/opt/veridiumid/uba/KeyStore.jks"
KAFKA_PRODUCER_SSL_KEYSTORE_PWD_ENV: "CASSANDRA_KEYSTORE_ENV_PASS_REPLACE_BY_INSTALLER"
KAFKA_PRODUCER_SSL_TRUSTSTORE_PATH_ENV: "/opt/veridiumid/uba/TrustStore.jks"
KAFKA_PRODUCER_SSL_TRUSTSTORE_PWD_ENV: "CASSANDRA_KEYSTORE_ENV_PASS_REPLACE_BY_INSTALLER"
PEM files are typically used as plain text files and do not require a password for access.
JKS and PKCS12 formats, on the other hand, are binary formats and often require passwords to access the keystore or truststore.
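A pre-flight check for the format rules above, as an added example that is not part of the original page or the product: it classifies a store file by its leading bytes and compares the result with the formats the text lists for ssl.ca.location and ssl.keystore.location. The function names and the sample byte strings are constructed for illustration.

```python
import base64

JKS_MAGIC = b"\xfe\xed\xfe\xed"  # first four bytes of every JKS file

# Formats the text above gives for each Python client setting.
ALLOWED = {
    "ssl.ca.location": {"PEM", "DER"},
    "ssl.keystore.location": {"PKCS12", "JKS"},
}

def detect_store_format(data: bytes) -> str:
    """Classify raw file bytes as JKS, PKCS12, DER, PEM or unknown."""
    if data[:4] == JKS_MAGIC:
        return "JKS"
    if len(data) > 2 and data[0] == 0x30:  # ASN.1 SEQUENCE
        # Skip the outer length octets, then inspect the first inner element.
        n = data[1] & 0x7F if data[1] & 0x80 else 0
        inner = data[2 + n:5 + n]
        if inner == b"\x02\x01\x03":  # INTEGER 3: PKCS12 (PFX) version field
            return "PKCS12"
        if inner[:1] == b"\x30":  # nested SEQUENCE: X.509 tbsCertificate
            return "DER"
    if b"-----BEGIN " in data:  # text armor, possibly after a preamble
        return "PEM"
    return "unknown"

def check_setting(key: str, data: bytes):
    """Return (ok, detected_format) for the file a setting points to."""
    fmt = detect_store_format(data)
    return fmt in ALLOWED[key], fmt

def constructed_samples() -> dict:
    """Tiny constructed byte strings; headers only, not usable stores."""
    der = b"\x30\x82\x01\x0a\x30\x81\xf0" + bytes(16)
    pem = (b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(der)
           + b"-----END CERTIFICATE-----\n")
    return {
        "pem": pem,
        "der": der,
        "jks": JKS_MAGIC + b"\x00\x00\x00\x02" + bytes(8),
        "pkcs12": b"\x30\x82\x09\x00\x02\x01\x03\x30\x82" + bytes(8),
    }

if __name__ == "__main__":
    for name, blob in constructed_samples().items():
        for key in ALLOWED:
            ok, fmt = check_setting(key, blob)
            print(f"{name:7} as {key:22} -> {fmt:7} {'ok' if ok else 'REJECT'}")
```

Run against the real files with `check_setting("ssl.ca.location", open(path, "rb").read())`; a JKS file configured as the CA location is reported as `(False, "JKS")` before the client ever tries to connect.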