kafka-users mailing list archives

From Pere Urbón Bayes <pere.ur...@gmail.com>
Subject Re: kafka security using ssl
Date Thu, 22 Aug 2019 04:16:46 GMT
Hi,
   the error looks like a missing configuration value. A good source of
examples of how to set up security can be found at
https://github.com/purbon/kafka-security-playbook or
https://docs.confluent.io/current/kafka/authentication_ssl.html.

I would verify them and see if you're using the same configuration and
properly set up certificate stores.

I hope it helps,

-- Pere

On Thu, 22 Aug 2019, 05:49 Antony A <antonyaugustus@gmail.com> wrote:

> Hi,
>
> I have followed the steps to secure the brokers using SSL. I have signed
> the server certificate using internal CA. I have the keystore with server
> certificate, private key and the CA. Also the truststore has only the CA.
>
> Unfortunately I am unable to start the broker with the following server
> properties
>
> isteners=SSL://:9092
> security.inter.broker.protocol=SSL
> ssl.client.auth=required
>
> ssl.truststore.location=/tmp/kafka.server.truststore.jks
> ssl.truststore.password=password
> ssl.keystore.location=/tmp/kafka.server.keystore.jks
> ssl.keystore.password=password
> ssl.key.password=password
>
> # ACLs
> authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
> super.users=User:kafkabroker
>
>
> Here is the error in the logs
>
> org.apache.kafka.common.KafkaException:
> org.apache.kafka.common.config.ConfigException: Invalid value
> javax.net.ssl.SSLHandshakeException: General SSLEngine problem for
> configuration A client SSLEngine created with the provided settings can't
> connect to a server SSLEngine created with those settings.
>
> Any pointers on what to do?
>
> Thanks,
> Antony
>
> PS: Kafka Version 2.3
>
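
One way to run the "verify the configuration" step from the reply before starting a broker, as an added example that is not part of the original thread or of Kafka itself. The helper name `preflight`, the key list (only the keys seen in the quoted message) and the sample text are assumptions; it does not open the key stores or test the handshake that the quoted error refers to.

```python
import difflib

# Broker keys taken from the quoted message; this is not the full Kafka key list.
KNOWN_KEYS = sorted({
    "listeners", "security.inter.broker.protocol", "ssl.client.auth",
    "ssl.truststore.location", "ssl.truststore.password",
    "ssl.keystore.location", "ssl.keystore.password", "ssl.key.password",
    "authorizer.class.name", "super.users",
})
# Keys this check expects for an internal-CA SSL setup like the one described.
SSL_REQUIRED = ("ssl.keystore.location", "ssl.keystore.password",
                "ssl.truststore.location")

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and '#' comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def preflight(text):
    """Return a list of findings for a broker properties file (hypothetical helper)."""
    props = parse_properties(text)
    findings = []
    for key in props:
        if key not in KNOWN_KEYS:
            near = difflib.get_close_matches(key, KNOWN_KEYS, n=1, cutoff=0.8)
            hint = f", did you mean '{near[0]}'?" if near else ""
            findings.append(f"unrecognised key '{key}'{hint}")
    # Assumes default listener names, i.e. no listener.security.protocol.map.
    protocols = {item.split("://", 1)[0].strip().upper()
                 for item in props.get("listeners", "").split(",") if "://" in item}
    inter_ssl = props.get("security.inter.broker.protocol", "").upper() == "SSL"
    if inter_ssl and "SSL" not in protocols:
        findings.append("inter-broker protocol is SSL but 'listeners' has no SSL listener")
    if inter_ssl or "SSL" in protocols:
        findings += [f"missing or empty '{k}'" for k in SSL_REQUIRED if not props.get(k)]
    return findings

# Constructed sample: the first key is missing its leading 'l'.
SAMPLE = """\
isteners=SSL://:9092
security.inter.broker.protocol=SSL
ssl.client.auth=required
ssl.truststore.location=/tmp/kafka.server.truststore.jks
ssl.keystore.location=/tmp/kafka.server.keystore.jks
ssl.keystore.password=password
"""

if __name__ == "__main__":
    for finding in preflight(SAMPLE):
        print(finding)
```

A clean result only means the file is internally consistent; the key store and trust store contents still need to be inspected separately.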
