I was unable to configure the CA path of the SSL certificate in Kafka trigger. There is no anywhere that I can configure. Does anyone has any ideas?
- **Running n8n via npm
1 Like
Hi @anderson.wong, welcome to the community!
I am afraid using custom certificates isn’t currently supported by the n8n Kafka credentials. You might, however, want to leave a vote on the respective feature request to register your interest in this: More kafka ssl options - Feature Requests - n8n
1 Like
Just in case anybody else stumbles upon this:
You can specify the environment variable NODE_EXTRA_CA_CERTS - as documented by the kafka library in use by n8n. Details here: Client Configuration · KafkaJS
Set this environment variable to point to your certificate in PEM format.
Hi @tony_mz, I have tried it, and it does not actually work when you have 1 trusted certificate, 1 client certificate and 1 client key. I combined all 3 of them in one .pem file and set it in the NODE_EXTRA_CA_CERTS environment variable, but I am encountering:
{"level":"ERROR","timestamp":"2025-01-15T20:21:44.720Z","logger":"kafkajs","message":"[BrokerPool] Failed to connect to seed broker, trying another broker from the list: Connection error: 7033F0B3FFFF0000:error:0A000412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate:../deps/openssl/openssl/ssl/record/rec_layer_s3.c:1590:SSL alert number 42\n","retryCount":4,"retryTime":5632}
Could you please share more information on how you made it work?
I have a kafka cluster hosted on Heroku, which only allows SSL trusted certificates. They do not allow SASL, username and password.