kafka6

Author: dagiro

articles/hdinsight/kafka/apache-kafka-ssl-encryption-authentication.md

@@ -203,7 +203,7 @@ These steps are detailed in the following code snippets.
     keytool -keystore kafka.client.keystore.jks -alias CARoot -import -file ca-cert -storepass "MyClientPassword123" -keypass "MyClientPassword123" -noprompt
     ```
 
-1. Create the file `client-ssl-auth.properties`. It should have the following lines:
+1. Create the file `client-ssl-auth.properties` on client machine (hn1) . It should have the following lines:
 
     ```config
     security.protocol=SSL
@@ -282,17 +282,17 @@ The details of each step are given below.
     cd ssl
     ```
 
-1. Create client store with signed cert, and import ca cert into the keystore and truststore:
+1. Create client store with signed cert, and import ca cert into the keystore and truststore on client machine (hn1):
 
     ```bash
-    keytool -keystore kafka.client.keystore.jks -import -file client-cert-signed -storepass MyClientPassword123 -keypass MyClientPassword123 -noprompt
+    keytool -keystore kafka.client.truststore.jks -alias CARoot -import -file ca-cert -storepass "MyClientPassword123" -keypass "MyClientPassword123" -noprompt
     
-    keytool -keystore kafka.client.keystore.jks -alias CARoot -import -file ca-cert -storepass MyClientPassword123 -keypass MyClientPassword123 -noprompt
+    keytool -keystore kafka.client.keystore.jks -alias CARoot -import -file ca-cert -storepass "MyClientPassword123" -keypass "MyClientPassword123" -noprompt
     
-    keytool -keystore kafka.client.truststore.jks -alias CARoot -import -file ca-cert -storepass MyClientPassword123 -keypass MyClientPassword123 -noprompt
+    keytool -keystore kafka.client.keystore.jks -import -file client-cert-signed -storepass "MyClientPassword123" -keypass "MyClientPassword123" -noprompt
     ```
 
-1. Create a file `client-ssl-auth.properties`. It should have the following lines:
+1. Create a file `client-ssl-auth.properties` on client machine (hn1) . It should have the following lines:
 
     ```bash
     security.protocol=SSL
@@ -305,6 +305,8 @@ The details of each step are given below.
 
 ## Verification
 
+Run these steps on the client machine.
+
 > [!Note]
 > If HDInsight 4.0 and Kafka 2.1 is installed, you can use the console producer/consumers to verify your setup. If not, run the Kafka producer on port 9092 and send messages to the topic, and then use the Kafka consumer on port 9093 which uses TLS.