...
Note that with this property set, the client can and should only connect to the server’s “secureClientPort”, which will be described shortly.
...
zookeeper.ssl.keyStore.location="/path/to/your/keystore"
zookeeper.ssl.keyStore.password="keystore_password"
zookeeper.ssl.trustStore.location="/path/to/your/truststore"
zookeeper.ssl.trustStore.password="truststore_password"
Server
The ZooKeeper server can use Netty by setting the property:
zookeeper.serverCnxnFactory="org.apache.zookeeper.server.NettyServerCnxnFactory"
The ZooKeeper server also needs to provide a listening port to accept secure client connections. This port is separate from, and runs in parallel with, the known “clientPort”. It should be added in “zoo.cfg”:
...
secureClientPort=2281
All secure clients (mentioned above) should connect to this port.
Then set up the keystore and truststore environment the same way as on the client.
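A pre-flight check for the server settings described above, as an added example that is not part of the original guide or of the ZooKeeper project's code. It assumes the system properties are passed to the server JVM as -D flags; the function names and sample values are constructed for illustration.

```python
import re

NETTY_FACTORY = "org.apache.zookeeper.server.NettyServerCnxnFactory"
SSL_PROPS = [f"zookeeper.ssl.{store}.{field}"
             for store in ("keyStore", "trustStore")
             for field in ("location", "password")]

def parse_zoo_cfg(text):
    """Parse key=value lines of zoo.cfg, skipping blanks and # comments."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip()
    return cfg

def parse_jvm_flags(flags):
    """Extract -Dname=value system properties from a JVM flag string."""
    return {m.group(1): m.group(2).strip('"')
            for m in re.finditer(r'-D([\w.]+)=("[^"]*"|\S+)', flags)}

def audit_server(zoo_cfg_text, jvm_flags):
    """Return a list of findings; an empty list means the checks passed."""
    cfg, props = parse_zoo_cfg(zoo_cfg_text), parse_jvm_flags(jvm_flags)
    findings = []
    secure, plain = cfg.get("secureClientPort"), cfg.get("clientPort")
    if not secure:
        findings.append("secureClientPort is not set in zoo.cfg")
    elif secure == plain:
        findings.append("secureClientPort must differ from clientPort")
    if props.get("zookeeper.serverCnxnFactory") != NETTY_FACTORY:
        findings.append("zookeeper.serverCnxnFactory is not the Netty factory")
    findings += [f"missing system property {p}" for p in SSL_PROPS if not props.get(p)]
    if plain and plain != secure:
        # The secure port runs in parallel with clientPort, so plaintext stays reachable.
        findings.append(f"note: plaintext clientPort {plain} is also open")
    return findings

# Constructed sample input (not from a real deployment); trustStore.password is omitted.
SAMPLE_CFG = """
clientPort=2181
secureClientPort=2281
"""
SAMPLE_FLAGS = ('-Dzookeeper.serverCnxnFactory=' + NETTY_FACTORY +
                ' -Dzookeeper.ssl.keyStore.location="/path/to/your/keystore"'
                ' -Dzookeeper.ssl.keyStore.password="keystore_password"'
                ' -Dzookeeper.ssl.trustStore.location="/path/to/your/truststore"')
if __name__ == "__main__":
    print("\n".join(audit_server(SAMPLE_CFG, SAMPLE_FLAGS)))
```

The note about the plaintext port is informational: any client that still uses “clientPort” bypasses the keystore and truststore checks entirely.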
Quorum
Not supported yet!
Authentication
...