kafka-users mailing list archives

From Pere Urbón Bayes <pere.ur...@gmail.com>
Subject Re: kafka security using ssl
Date Thu, 22 Aug 2019 12:44:23 GMT
You should verify a proper chain of validation. Is your private CA cert in
your trust store?

On Thu, 22 Aug 2019, 14:40 Antony A <antonyaugustus@gmail.com> wrote:

> Hi,
>
> I was able to get the broker running if I used a CA created as shown in
> the example below. https://kafka.apache.org/documentation/#security_ssl
>
> The issue I am facing is when I used my internal CA. Not sure what I am
> missing when I am creating the certificate.
>
> Thanks.
>
> Sent from my iPhone
>
> > On Aug 21, 2019, at 10:16 PM, Pere Urbón Bayes <pere.urbon@gmail.com> wrote:
> >
> > Hi,
> > The error looks like a missing configuration value. A good source of
> > examples of how to set up security can be found at
> > https://github.com/purbon/kafka-security-playbook or
> > https://docs.confluent.io/current/kafka/authentication_ssl.html.
> >
> > I would verify them and see if you're using the same configuration and
> > properly set up certificate stores.
> >
> > I hope it helps,
> >
> > -- Pere
> >
> >> On Thu, 22 Aug 2019, 05:49 Antony A <antonyaugustus@gmail.com> wrote:
> >>
> >> Hi,
> >>
> >> I have followed the steps to secure the brokers using SSL. I have signed
> >> the server certificate using internal CA. I have the keystore with server
> >> certificate, private key and the CA. Also the truststore has only the CA.
> >>
> >> Unfortunately I am unable to start the broker with the following server
> >> properties
> >>
> >> listeners=SSL://:9092
> >> security.inter.broker.protocol=SSL
> >> ssl.client.auth=required
> >>
> >> ssl.truststore.location=/tmp/kafka.server.truststore.jks
> >> ssl.truststore.password=password
> >> ssl.keystore.location=/tmp/kafka.server.keystore.jks
> >> ssl.keystore.password=password
> >> ssl.key.password=password
> >>
> >> # ACLs
> >> authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
> >> super.users=User:kafkabroker
> >>
> >>
> >> Here is the error in the logs
> >>
> >> org.apache.kafka.common.KafkaException:
> >> org.apache.kafka.common.config.ConfigException: Invalid value
> >> javax.net.ssl.SSLHandshakeException: General SSLEngine problem for
> >> configuration A client SSLEngine created with the provided settings can't
> >> connect to a server SSLEngine created with those settings.
> >>
> >> Any pointers on what to do?
> >>
> >> Thanks,
> >> Antony
> >>
> >> PS: Kafka Version 2.3
> >>
>
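
The chain-of-validation check asked about at the top of this message can be run outside the broker with openssl. This is an added example, not part of the thread: `check_broker_chain` and `make_demo_pki` are hypothetical helper names, the PEM inputs are assumed to have been exported from the JKS stores, and the demo PKI is constructed.

```sh
#!/bin/sh
# Added example, not from the thread. File names, subjects and the throwaway
# PKI are constructed. For real JKS stores, export PEM first, e.g.:
#   keytool -exportcert -rfc -alias <alias> -keystore <store.jks> -file out.pem

# check_broker_chain CA_PEM CERT_PEM [INTERMEDIATES_PEM]
# Exit 0 only if CERT_PEM chains to CA_PEM and is acceptable as a TLS server
# AND as a TLS client (with inter-broker SSL and ssl.client.auth=required the
# broker presents the same certificate in both roles).
check_broker_chain() (
    ca=$1; cert=$2; inter=${3:-}; rc=0
    for purpose in sslserver sslclient; do
        set -- -CAfile "$ca" -purpose "$purpose"
        [ -n "$inter" ] && set -- "$@" -untrusted "$inter"
        if openssl verify "$@" "$cert" >/dev/null 2>&1; then
            echo "OK   $purpose"
        else
            echo "FAIL $purpose"; rc=1
        fi
    done
    exit "$rc"   # the body is a subshell, so this only ends the function
)

# make_demo_pki DIR EKU
# Builds a constructed one-day CA (DIR/ca.pem) and one leaf (DIR/leaf.pem)
# whose extendedKeyUsage is EKU, to exercise the check without real keys.
make_demo_pki() (
    set -e; d=$1
    printf '[req]\ndistinguished_name=req\nx509_extensions=v3_ca\n[v3_ca]\nbasicConstraints=critical,CA:TRUE\n' > "$d/ca.cnf"
    printf 'extendedKeyUsage=%s\n' "$2" > "$d/leaf.ext"
    openssl req -x509 -config "$d/ca.cnf" -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Demo Internal CA" -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -config "$d/ca.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=broker.example.test" -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -extfile "$d/leaf.ext" -out "$d/leaf.pem" 2>/dev/null
)
```

When the chain verifies as `sslserver` but fails as `sslclient`, the truststore contents are fine and the certificate's extendedKeyUsage is the place to look.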
