kafka-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ritesh Sinha <kumarriteshranjansi...@gmail.com>
Subject Re: Doubt regarding Encryption and Authentication using SSL
Date Wed, 09 Dec 2015 17:09:17 GMT
Thanks Ben for your prompt reply.

But when I am trying to start the producer it throws this error.

org.apache.kafka.common.KafkaException: Failed to construct kafka producer
at
org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:321)
at
org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:181)
at kafka.producer.NewShinyProducer.<init>(BaseProducer.scala:36)
at kafka.tools.ConsoleProducer$.main(ConsoleProducer.scala:46)
at kafka.tools.ConsoleProducer.main(ConsoleProducer.scala)
Caused by: org.apache.kafka.common.KafkaException:
org.apache.kafka.common.KafkaException: java.io.IOException: Keystore was
tampered with, or password was incorrect
at
org.apache.kafka.common.network.SslChannelBuilder.configure(SslChannelBuilder.java:44)
at
org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:60)
at
org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:80)
at
org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:271)
... 4 more
Caused by: org.apache.kafka.common.KafkaException: java.io.IOException:
Keystore was tampered with, or password was incorrect
at
org.apache.kafka.common.security.ssl.SslFactory.configure(SslFactory.java:95)
at
org.apache.kafka.common.network.SslChannelBuilder.configure(SslChannelBuilder.java:41)
... 7 more
Caused by: java.io.IOException: Keystore was tampered with, or password was
incorrect
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772)
at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
at java.security.KeyStore.load(KeyStore.java:1226)
at
org.apache.kafka.common.security.ssl.SslFactory$SecurityStore.load(SslFactory.java:191)
at
org.apache.kafka.common.security.ssl.SslFactory$SecurityStore.access$000(SslFactory.java:175)
at
org.apache.kafka.common.security.ssl.SslFactory.createSSLContext(SslFactory.java:119)
at
org.apache.kafka.common.security.ssl.SslFactory.configure(SslFactory.java:93)
... 8 more
Caused by: java.security.UnrecoverableKeyException: Password verification
failed
at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770)
... 14 more


I tried recreating the keystore but still same issuse.

On Wed, Dec 9, 2015 at 9:37 PM, Ben Stopford <ben@confluent.io> wrote:

> Hi Ritesh
>
> You just need to create yourself a text file called client-ssl.properties
> or similar in the directory your running from.  In that file you put your
> SSL client information. Something like this:
>
> security.protocol = SSL
> ssl.truststore.location = "/var/private/ssl/kafka.client.truststore.jks"
> ssl.truststore.password = "test1234"
>
> If you prefer you can pass these on the command line too with the
> producer/consumer-property option too.
>
> There’s some documentation here <
> http://docs.confluent.io/2.0.0/kafka/ssl.html#configuring-kafka-clients>
> if you’d like more info.
>
> All the best
>
> Ben
>
>
> > On 9 Dec 2015, at 14:17, Ritesh Sinha <kumarriteshranjansinha@gmail.com>
> wrote:
> >
> > Hi,
> >
> >
> > I am following the kafka documentation to create encryption and
> > authentication  while sending message to kafka by ssl
> >
> > I got stuck at these commands
> >
> > kafka-console-producer.sh --broker-list localhost:9093 --topic test
> > --producer.config *client-ssl.properties*
> >
> > kafka-console-consumer.sh --bootstrap-server localhost:9093 --topic
> > test --new-consumer --consumer.config *client-ssl.properties*
> >
> > *I*t is asking for *client-ssl.properties* for producer and consumer
> > config. I am not sure what these files are.I am able to follow these
> > steps :
> >
> > Generate SSL key and certificate for each Kafka broker
> > Creating your own CA
> > <http://kafka.apache.org/documentation.html#security_ssl_ca>
> > Signing the certificate
> > Configuring Kafka Brokers
> >
> > Can anyone help me in understanding what file does producer config needs
> > exactly?
> >
> > Thanks in Advance
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message