kafka-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Antony A <antonyaugus...@gmail.com>
Subject Re: kafka security using ssl
Date Thu, 22 Aug 2019 12:47:02 GMT
Yes. The truststore has the CA. The keystore has the CA, PRIVATE KEY used to create the CSR
and the SERVER CERT.

Sent from my iPhone

> On Aug 22, 2019, at 6:44 AM, Pere Urbón Bayes <pere.urbon@gmail.com> wrote:
> 
> you should verify a proper chain of validation. is your private ca cert in
> your trust store?
> 
>> On Thu, 22 Aug 2019, 14:40 Antony A <antonyaugustus@gmail.com> wrote:
>> 
>> Hi,
>> 
>> I was able to get the broker running if I used a CA created as shown in
>> the example below. https://kafka.apache.org/documentation/#security_ssl
>> 
>> The issue I am facing is when I used my internal CA. Not sure what I am
>> missing when I am creating the certificate.
>> 
>> Thanks.
>> 
>> Sent from my iPhone
>> 
>>> On Aug 21, 2019, at 10:16 PM, Pere Urbón Bayes <pere.urbon@gmail.com>
>> wrote:
>>> 
>>> Hi,
>>>  the error looks like a missing configuration value. A good source of
>>> examples how to set up security can be found at
>>> https://github.com/purbon/kafka-security-playbook or
>>> https://docs.confluent.io/current/kafka/authentication_ssl.html.
>>> 
>>> i would verify them and see if you're using the same configuration and
>>> properly setup certificate stores.
>>> 
>>> I hope it helps,
>>> 
>>> -- Pere
>>> 
>>>> On Thu, 22 Aug 2019, 05:49 Antony A <antonyaugustus@gmail.com> wrote:
>>>> 
>>>> Hi,
>>>> 
>>>> I have followed the steps to secure the brokers using SSL. I have signed
>>>> the server certificate using internal CA. I have the keystore with
>> server
>>>> certificate, private key and the CA. Also the truststore has only the
>> CA.
>>>> 
>>>> Unfortunately I am unable to start the broker with the following server
>>>> properties
>>>> 
>>>> isteners=SSL://:9092
>>>> security.inter.broker.protocol=SSL
>>>> ssl.client.auth=required
>>>> 
>>>> ssl.truststore.location=/tmp/kafka.server.truststore.jks
>>>> ssl.truststore.password=password
>>>> ssl.keystore.location=/tmp/kafka.server.keystore.jks
>>>> ssl.keystore.password=password
>>>> ssl.key.password=password
>>>> 
>>>> # ACLs
>>>> authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
>>>> super.users=User:kafkabroker
>>>> 
>>>> 
>>>> Here is the error in the logs
>>>> 
>>>> org.apache.kafka.common.KafkaException:
>>>> org.apache.kafka.common.config.ConfigException: Invalid value
>>>> javax.net.ssl.SSLHandshakeException: General SSLEngine problem for
>>>> configuration A client SSLEngine created with the provided settings
>> can't
>>>> connect to a server SSLEngine created with those settings.
>>>> 
>>>> Any pointers on what to do?
>>>> 
>>>> Thanks,
>>>> Antony
>>>> 
>>>> PS: Kafka Version 2.3
>>>> 
>> 

Mime
View raw message