What is SSL?

A free video tutorial from Stephane Maarek | AWS Certified Solutions Architect & Developer Associate
Best Selling Instructor, Kafka Guru, 9x AWS Certified

Learn more from the full course

Apache Kafka Series - Kafka Security | SSL SASL Kerberos ACL

Hands-On Course - Kafka Security Setup in AWS with SSL Encryption & Authentication, SASL Kerberos, ACL in Zookeeper

03:54:08 of on-demand video • Updated October 2020

  • Setup and use SSL encryption in Kafka
  • Setup and use SSL authentication in Kafka
  • Setup and use SASL Kerberos authentication in Kafka
  • Create and use ACLs in Kafka
  • Configure Kafka Clients to make them work with security
  • Configure Zookeeper Security
So what is it exactly? SSL is old; now it's called TLS, for Transport Layer Security, and it's used to encrypt the connection between two endpoints to securely exchange information. SSL and TLS are used interchangeably today in terms of naming, so we'll keep on referring to it as SSL in the rest of the course.

Here is a computer, and you're trying to access google.com. As you can see, the URL for google.com is HTTPS, and the S is there for the fact that your connection is going to be encrypted. In between, this is going to be the SSL protocol, and it will be a secure and secret exchange of information between you and Google, or any secure website whose address starts with HTTPS. It is based on who has a certificate and whether the certificate is trusted. When it is a good SSL certificate, you will see that green "Secure" lock when you visit Google's website. If you visit a website other than Google's, a bad website, it may show an insecure warning or a red lock, and that means that you may get your packets intercepted and that SSL is badly set up.

So anyway, there are two ways of using SSL, and Kafka can use both, as we'll see. The first one is one-way verification, from the application (the browser) to the web server. That's what happens when you visit google.com, and that's for encryption. For any website you use, you get its SSL certificate and make sure it is valid, and this is what a browser like Google Chrome will do. Then, if it's OK, it will display a nice green "Secure" button and it will do encryption. So the data exchanged between you and the website, say for example credit card information, is secure and no one can ever intercept it. Pretty reassuring, right?

The other way is called two-way verification, and that's called SSL authentication. That's something we'll see in this course, but basically your computer now also has an SSL certificate, and it can use it to authenticate to a website or a service.
So for SSL for encryption, here is how things look. Be careful: that slide is quite a lot and it can be complicated. You may not understand everything, and that's OK, but I wanted to give you an overview of how things work. So hang on to your seats and let's get started.

You have your Kafka clients, and on the right side you have your server. Easy, right? The first thing we have to do is set up our SSL certificates. For this we are going to use something called a certificate authority, and there are about 20 certificate authorities on the public web. But because our Kafka server is going to be private, we will use our own certificate authority.

So first, the Kafka server will have to create a keystore, and that keystore basically will have to store certificates. We're going to request a certificate to be signed for a broker. Once the certificate authority has received the certificate and signed it, it will send it back to our broker. That's just a setup phase, by the way. Then the keystore will have a server certificate signed by the certificate authority, or CA. That is the setup on the right-hand side. So basically our broker creates a certificate for its name and sends it to the CA; the CA replies back with the signed certificate, meaning the CA approves it. And now Kafka, in its keystore, has a signed certificate.

All right, on the left-hand side, we will now have a truststore. The truststore is similar to a keystore but not exactly the same: the truststore trusts the certificate authority. Trusting means that any certificate signed by that certificate authority is legit. That's the whole principle behind SSL. So your Google Chrome browser, for example, trusts the main 20 certificate authorities. That's an issue as I said I think it's OK.
But the CA we will create is private, therefore we'll have to tell our clients to trust that certificate authority using a truststore. So what will happen is that there will be, in green as you can see, the CA root public certificate in our truststore so that our clients can trust it. Easy, right? OK. And with that, we have done all the setup on certificates, and we'll see in the hands-on how we do it.

Now the Kafka client needs to connect to the Kafka server, so what happens? They will perform something called an SSL handshake. The first thing is that, upon connection, the Kafka client will request something from the Kafka server, and that is the signed SSL certificate. So the server will say: I will send my signed SSL certificate, and say, here is my identity. Now the Kafka client is going to verify the certificate from the server and make sure that it is a good one, that it is legit. To verify this certificate, it will use its truststore. Then, once it has agreed that the certificate is good, there will be secure, SSL-encrypted communication between the client and the server.

OK, so that's about it for SSL. You need to remember that diagram. Revise it. Everything we are going to do in the next hands-on lectures will be related to this, and this is how it works. Don't worry: once the setup is done, it's just a few configs and things work out for you. But in this lecture I wanted to really explain what will happen, so you're not blinded. All right, see you in the next lecture.
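
The setup and trust check described in the lecture, as an added example that is not part of the course material: it uses the `openssl` command line with PEM files standing in for the Java keystore and truststore, and compares a broker certificate signed by the trusted private CA with one signed by a different CA. The CA names, the hostname `broker1.example.internal` and the directory layout are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added illustration of the lecture's setup: private CA, signed broker
# certificate, and the client-side trust check. Every name is constructed.

make_ca() {            # $1 = CA directory, $2 = CA common name
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$2" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

issue_broker_cert() {  # $1 = CA directory, $2 = broker directory, $3 = hostname
  # Broker: generate a private key and a certificate signing request.
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$2/broker.key" -out "$2/broker.csr" 2>/dev/null
  # CA: sign the request; broker.crt goes back into the broker's keystore.
  openssl x509 -req -in "$2/broker.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 30 -out "$2/broker.crt" 2>/dev/null
}

client_trusts() {      # $1 = CA cert held in the truststore, $2 = broker cert
  # Checks the signature chain only; hostname matching is a separate step.
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

demo() (               # subshell body keeps variables and temp files local
  d=$(mktemp -d)
  mkdir "$d/ca" "$d/other" "$d/broker" "$d/stranger"
  make_ca "$d/ca" "kafka-demo-ca"          # the CA our clients trust
  make_ca "$d/other" "unrelated-ca"        # a CA our clients do not trust
  issue_broker_cert "$d/ca" "$d/broker" "broker1.example.internal"
  issue_broker_cert "$d/other" "$d/stranger" "broker1.example.internal"
  client_trusts "$d/ca/ca.crt" "$d/broker/broker.crt" && r1=accepted || r1=rejected
  client_trusts "$d/ca/ca.crt" "$d/stranger/broker.crt" && r2=accepted || r2=rejected
  rm -rf "$d"
  echo "own-ca:$r1 other-ca:$r2"
)

demo
```

The second certificate carries the same hostname as the first, yet the client rejects it because its issuer is not in the truststore; the private keys `ca.key` and `broker.key` never leave the side that generated them.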