server.properties文件增加如下配置
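# SSL/TLS authentication settings, with key material supplied in PEM form (see KIP-651).
# Require every client that connects on the SSL listener to present a certificate.
ssl.client.auth=required
# Offer TLSv1.2 only. TLSv1 and TLSv1.1 are deprecated (RFC 8996) and have been
# removed from this list; TLSv1.3 can be appended when the broker's JVM supports it.
ssl.enabled.protocols=TLSv1.2
# Key store and trust store contents are PEM.
ssl.keystore.type=PEM
ssl.truststore.type=PEM
# Since Kafka 2.0.x, ssl.endpoint.identification.algorithm defaults to HTTPS, i.e. the
# peer's host name is verified against its certificate.
# Setting it to an empty value, as below, switches host name verification off.
# NOTE(review): with verification off, any certificate that chains to the trust store
# is accepted no matter which host presents it. Prefer certificates with correct SAN
# entries and leave this setting at its default instead of blanking it.
ssl.endpoint.identification.algorithm=
# To use SSL for inter-broker traffic as well, enable the next line
# (the default is security.inter.broker.protocol=PLAINTEXT).
#security.inter.broker.protocol=SSL
# NOTE(review): in the source this listeners entry was fused onto the commented line
# above, so it is kept commented out here; presumably it is meant to be active, since
# no other line defines an SSL listener - confirm. While a PLAINTEXT listener remains
# reachable, clients using it are not subject to ssl.client.auth or encryption.
#listeners=PLAINTEXT://ip:9092,SSL://ip:9093
# Broker certificate chain in PEM (certificate body elided on this page).
ssl.keystore.certificate.chain=-----BEGIN CERTIFICATE---------END CERTIFICATE-----
# Broker private key in PEM (key body elided on this page).
# NOTE(review): this places the private key inside server.properties; restrict read
# access on the file to the broker's service account and keep it out of version control.
ssl.keystore.key=-----BEGIN PRIVATE KEY---------END PRIVATE KEY-----
# Password for the private key; presumably needed only when the key above is encrypted.
#ssl.key.password=
# Trusted CA certificates in PEM (certificate body elided on this page).
ssl.truststore.certificates=-----BEGIN CERTIFICATE---------END CERTIFICATE-----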
参考:KIP-651 - Support PEM format for SSL certificates and private key - Apache Kafka - Apache Software Foundation