Kafka and Self-signed Server Certificates
If your test environment kafka servers use self-signed certificates extra steps are required to generate the certificate for cmdReporter's TLSServerCertificate preference.
Due to certificate validation requirements the certificate authority must be combined with the signed server certificate in the TLSServerCertificate preference. Conversion steps are below, starting with an operational self-signed kafka server key and trust store.
# Make a copy of the truststore in p12 format, can't go directly to .pem format 1) /usr/bin/keytool -importkeystore -srckeystore kafka-server.truststore.jks -destkeystore kafka-server-truststore-copy.p12 -srcstoretype jks -deststoretype pkcs12 # Convert new .p12 into the .pem format we need 2) /usr/bin/openssl pkcs12 -in kafka-server-truststore-copy.p12 -out kafka-server-truststore-copy.pem # Concatenate the certificate authority .pem and the self-signed server public certificate 3) /bin/cat "kafka-server-truststore-copy.pem" "kafka-server-public-cert" > copy_everything_in_here_to_TLSServerCertificate_pref.txt 4) /bin/cat "copy_everything_in_here_to_TLSServerCertificate_pref.txt" -----BEGIN CERTIFICATE----- MIID3DCCAsQCCQC+fcrOm+zE4DANBgkqhkiG9w0BAQsFADCBrzELMAkGA1UEBhMC VVMxDTALBgNVBAgMBE5vbmUxDzANBgNVBAcMBlNlY3JldDEUMBIGA1UECgwLY21k U2VjdXJpdHkxGjAYBgNVBAsMEU1hZ2ljYWwgTXlzdGVyaWVzMS8wLQYDVQQDDCZl bWFpbC5kYW4uYWJvdXQuam9iLmF0LmNtZHNlY3VyaXR5LmNvbTEdMBsGCSqGSIb3 DQEJARYOZGFuQGNtZHNlYy5jb20wHhcNMTkwNTE1MDUzMTM1WhcNMjkwNTEyMDUz MTM1WjCBrzELMAkGA1UEBhMCVVMxDTALBgNVBAgMBE5vbmUxDzANBgNVBAcMBlNl Y3JldDEUMBIGA1UECgwLY21kU2VjdXJpdHkxGjAYBgNVBAsMEU1hZ2ljYWwgTXlz dGVyaWVzMS8wLQYDVQQDDCZlbWFpbC5kYW4uYWJvdXQuam9iLmF0LmNtZHNlY3Vy aXR5LmNvbTEdMBsGCSqGSIb3DQEJARYOZGFuQGNtZHNlYy5jb20wggEiMA0GCSqG SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDO42BoNMw3gxNKlSTW1BeNeykYsz4rUBSF Yv1gQmwZVGPJo5vSSMsrl6PDNEvFkGyWIG9R1FlzYrFnVj7rYhTXYXHluTRj+1Hg JIfGztXYZCj6mCZ9lSobBnkaY8quiGBzxS7VhkKukiAUzCBKcNR9gSHqKGynFuY9 63HI9jRIVlOBfCe23La8BH+vLzKswYUvUXQmeyz9sDUn5ZKvatq7VJb9qD7JIl1L hF+kuXtKgaTrmDTR8Gl/asPNXCVMop+1W8eZ+Lb1Wrm0/EepSVV90fkvOupYeCXz detU8MVzUY7ZX+FmFERDznSMtuX7i8llRMw3y6A/EPK4xjLoxdpVAgMBAAEwDQYJ KoZIhvcNAQELBQADggEBAL4Yi9B2h/mp/gNvvuJ09G8H9BlVXvjxlLfM5+nKvecP 1oe5mekoPMiNspTvi3+64z+9znwELcWfKAww2iQHV1wj552URvBkhWa3IHZkgCDh 6tILUpwXLx4xc0H1t2/JGj27yjSwyNZftAMjqver8oiv/s0c14YMy+AUac834kFz xSYVLNPz65FdZKVLEnncwpEB5Rj75oZL5gflfT/tMKY2luiVEh9kM9iuXwTPtM9m CkqKXC6s9SVg66PrvvZUARtUhU++/jsJYQUhWcdiZUOenYBIN3VuCQ+/1G4IGRvo RPS9rXKcnGAXz1+K13YXc0MzY6ESkcRj79MB0VX828U= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIDqTCCApECCQDWiXa1rlad3TANBgkqhkiG9w0BAQUFADCBrzELMAkGA1UEBhMC VVMxDTALBgNVBAgMBE5vbmUxDzANBgNVBAcMBlNlY3JldDEUMBIGA1UECgwLY21k U2VjdXJpdHkxGjAYBgNVBAsMEU1hZ2ljYWwgTXlzdGVyaWVzMS8wLQYDVQQDDCZl bWFpbC5kYW4uYWJvdXQuam9iLmF0LmNtZHNlY3VyaXR5LmNvbTEdMBsGCSqGSIb3 DQEJARYOZGFuQGNtZHNlYy5jb20wHhcNMTkwNTE1MDUzMzIzWhcNMjkwNTEyMDUz MzIzWjB9MQswCQYDVQQGEwJVUzENMAsGA1UECBMETm9uZTENMAsGA1UEBxMETm9u ZTEZMBcGA1UEChMQY21kU2VjdXJpdHksIGluYzEbMBkGA1UECxMSam9iIGF0IGNt ZHNlY3VyaXR5MRgwFgYDVQQDEw9lbWFpbCBkYW4gYWJvdXQwggEiMA0GCSqGSIb3 DQEBAQUAA4IBDwAwggEKAoIBAQCJUj6iPn5ix6rkerXF/Sq/lmxuyN7d5UCKoZin cilLtMbiuTF+YD9m79dtty/tS+b8RPlsGBwlZswHQcRg0Jy+2zCg0av4a6GnAQSt l49mKxs79g3jBbEcO8q1rIuB/7qxtOeRK+Bfzm8R9orV/p+Ec4Ba13px9uOPRKGm 6lzAu4+LpleHXfyKQyeIqyadcBLIhr3nJATufTZlB8eD91zvQ9PMaWDq4KEms5HH IruwqXN2tjNeMGVtl+G2CK/ilkIkPZ5k5QtJqZyBroDsrA2SF04Lc9+jEoYErzvd UP1MmUwe+6XxIHfUmGzsA58tgmTnveB1eMnP7Tz47Yp/vfe9AgMBAAEwDQYJKoZI hvcNAQEFBQADggEBAK703fNWyzv0/t/GnMdFkMbSlm2Efd3w2xQYfge7XIl1Tkhf bx0bFSMqAPgyBR8uADS/cwDwnLG22Fcb7L3IMcLIuGqwtLhYQEkgQN/fyn+fXoFA 9R/DeOdwXFjW2sNgluz9Zav4eqgVAb18S0TgsNDtBqoDZe7Mx/hll764icgsM5fi DJEe0/DuI/5nK9OSN9glC0pAoTG98GlgNX2f3d581FowTQxOAoGxYfSZT8TnjQZl BW0AYoVfDxpc2qYIeh7CcL4ggC55Iq4amxmEwXRUpmdDwoOPWjmJXiFdjh2Cldpe Ut3xLrRoo4oIcWELzuGujrl/BOtU7InAJgC2yqY= -----END CERTIFICATE-----