Telegraf Kafka output SSL questions

@daniel sorry I didn’t respond sooner. I did a test where I set the Kafka output SSL settings as follows:

```toml
## Optional SSL Config
ssl_ca = "/etc/pki/tls/cert.pem"
# ssl_cert = "/etc/telegraf/cert.pem"
# ssl_key = "/etc/telegraf/key.pem"
## Use SSL but skip chain & host verification
# insecure_skip_verify = true
```

What I am hoping this will do is enable SSL/TLS-encrypted traffic against the certificate from the CA we are using on our Kafka brokers, and that the cert can be verified by pointing the “ssl_ca” setting to the OpenSSL tls-ca-bundle.pem:

```
[ec2-user@ip-10-240-39-5 telegraf]$ openssl version -d
OPENSSLDIR: "/etc/pki/tls"
[ec2-user@ip-10-240-39-5 telegraf]$ ls -lha /etc/pki/tls/
total 12K
drwxr-xr-x  5 root root  81 Dec 13 05:16 .
drwxr-xr-x 10 root root 116 Jan 22 13:58 ..
lrwxrwxrwx  1 root root  49 Dec 13 05:16 cert.pem -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
drwxr-xr-x  2 root root 117 Dec 13 05:16 certs
drwxr-xr-x  2 root root  74 Dec 13 05:16 misc
-rw-r--r--  1 root root 11K Nov 28 18:45 openssl.cnf
drwxr-xr-x  2 root root   6 Nov 28 18:49 private
```

Can you confirm whether this will do what I am hoping / expecting? When I start Telegraf I don’t get any errors and I can confirm it is sending messages to Kafka, so I am assuming SSL/TLS encryption is enabled and that the cert is being verified. Can you recommend a way I can verify this?

Thanks!
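
One way to check the question above from the Telegraf host, as an added example (not part of the original post and not Telegraf code): a Python probe that attempts a verifying TLS handshake against a broker listener using the same CA bundle that `ssl_ca` points to. The function name `probe_broker_tls` and the result keys are made up for this example; the broker host and port are supplied by the caller.

```python
import socket
import ssl
import sys


def probe_broker_tls(host, port, cafile=None, timeout=5.0):
    """Attempt a verifying TLS handshake with a broker listener.

    cafile stands in for the bundle given to ssl_ca; None means the
    system default trust store. Returns a dict describing the outcome.
    """
    # create_default_context() requires a valid chain and a matching hostname.
    ctx = ssl.create_default_context(cafile=cafile)
    result = {"reachable": False, "tls": False, "verified": False, "detail": ""}
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        result["detail"] = f"connect failed: {exc}"
        return result
    result["reachable"] = True
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            subject = tls.getpeercert().get("subject")
            result.update(tls=True, verified=True,
                          detail=f"{tls.version()} {tls.cipher()[0]} subject={subject}")
    except ssl.SSLCertVerificationError as exc:
        # The listener speaks TLS, but the chain or hostname was rejected.
        result.update(tls=True, detail=f"verification failed: {exc.verify_message}")
    except OSError as exc:
        # Covers ssl.SSLError (e.g. a PLAINTEXT listener), resets and timeouts.
        result["detail"] = f"no TLS handshake: {exc}"
    finally:
        raw.close()
    return result


if __name__ == "__main__":
    # Usage: python3 probe.py <broker-host> <port> [ca-bundle]
    host, port = sys.argv[1], int(sys.argv[2])
    bundle = sys.argv[3] if len(sys.argv) > 3 else None
    print(probe_broker_tls(host, port, cafile=bundle))
```

A result with `verified` set to true shows that the listener speaks TLS and that its certificate chains to the bundle and matches the hostname used; the probe does not inspect Telegraf's own connection.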