kafka-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ritesh Sinha <kumarriteshranjansi...@gmail.com>
Subject Re: Doubt regarding Encryption and Authentication using SSL
Date Wed, 09 Dec 2015 17:45:05 GMT
Solved it . Thanks

On Wed, Dec 9, 2015 at 10:39 PM, Ritesh Sinha <
kumarriteshranjansinha@gmail.com> wrote:

> Thanks Ben for your prompt reply.
>
> But when I am trying to start the producer it throws this error.
>
> org.apache.kafka.common.KafkaException: Failed to construct kafka producer
> at
> org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:321)
> at
> org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:181)
> at kafka.producer.NewShinyProducer.<init>(BaseProducer.scala:36)
> at kafka.tools.ConsoleProducer$.main(ConsoleProducer.scala:46)
> at kafka.tools.ConsoleProducer.main(ConsoleProducer.scala)
> Caused by: org.apache.kafka.common.KafkaException:
> org.apache.kafka.common.KafkaException: java.io.IOException: Keystore was
> tampered with, or password was incorrect
> at
> org.apache.kafka.common.network.SslChannelBuilder.configure(SslChannelBuilder.java:44)
> at
> org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:60)
> at
> org.apache.kafka.clients.ClientUtils.createChannelBuilder(ClientUtils.java:80)
> at
> org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:271)
> ... 4 more
> Caused by: org.apache.kafka.common.KafkaException: java.io.IOException:
> Keystore was tampered with, or password was incorrect
> at
> org.apache.kafka.common.security.ssl.SslFactory.configure(SslFactory.java:95)
> at
> org.apache.kafka.common.network.SslChannelBuilder.configure(SslChannelBuilder.java:41)
> ... 7 more
> Caused by: java.io.IOException: Keystore was tampered with, or password
> was incorrect
> at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:772)
> at sun.security.provider.JavaKeyStore$JKS.engineLoad(JavaKeyStore.java:55)
> at java.security.KeyStore.load(KeyStore.java:1226)
> at
> org.apache.kafka.common.security.ssl.SslFactory$SecurityStore.load(SslFactory.java:191)
> at
> org.apache.kafka.common.security.ssl.SslFactory$SecurityStore.access$000(SslFactory.java:175)
> at
> org.apache.kafka.common.security.ssl.SslFactory.createSSLContext(SslFactory.java:119)
> at
> org.apache.kafka.common.security.ssl.SslFactory.configure(SslFactory.java:93)
> ... 8 more
> Caused by: java.security.UnrecoverableKeyException: Password verification
> failed
> at sun.security.provider.JavaKeyStore.engineLoad(JavaKeyStore.java:770)
> ... 14 more
>
>
> I tried recreating the keystore but still same issuse.
>
> On Wed, Dec 9, 2015 at 9:37 PM, Ben Stopford <ben@confluent.io> wrote:
>
>> Hi Ritesh
>>
>> You just need to create yourself a text file called client-ssl.properties
>> or similar in the directory your running from.  In that file you put your
>> SSL client information. Something like this:
>>
>> security.protocol = SSL
>> ssl.truststore.location = "/var/private/ssl/kafka.client.truststore.jks"
>> ssl.truststore.password = "test1234"
>>
>> If you prefer you can pass these on the command line too with the
>> producer/consumer-property option too.
>>
>> There’s some documentation here <
>> http://docs.confluent.io/2.0.0/kafka/ssl.html#configuring-kafka-clients>
>> if you’d like more info.
>>
>> All the best
>>
>> Ben
>>
>>
>> > On 9 Dec 2015, at 14:17, Ritesh Sinha <kumarriteshranjansinha@gmail.com>
>> wrote:
>> >
>> > Hi,
>> >
>> >
>> > I am following the kafka documentation to create encryption and
>> > authentication  while sending message to kafka by ssl
>> >
>> > I got stuck at these commands
>> >
>> > kafka-console-producer.sh --broker-list localhost:9093 --topic test
>> > --producer.config *client-ssl.properties*
>> >
>> > kafka-console-consumer.sh --bootstrap-server localhost:9093 --topic
>> > test --new-consumer --consumer.config *client-ssl.properties*
>> >
>> > *I*t is asking for *client-ssl.properties* for producer and consumer
>> > config. I am not sure what these files are.I am able to follow these
>> > steps :
>> >
>> > Generate SSL key and certificate for each Kafka broker
>> > Creating your own CA
>> > <http://kafka.apache.org/documentation.html#security_ssl_ca>
>> > Signing the certificate
>> > Configuring Kafka Brokers
>> >
>> > Can anyone help me in understanding what file does producer config needs
>> > exactly?
>> >
>> > Thanks in Advance
>>
>>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message