在KAFKA中启用SSL时获取SSL握手错误
[英]Getting SSL handshake error while Enabling SSL in KAFKA
问题描述
I'm getting SSL handshake failed when I start producer to push data, did below settings: 
当我启动生产者推送数据时,我得到SSL握手失败,做了以下设置:
1. Followed steps as per
https://docs.confluent.io/2.0.0/kafka/ssl.html to create keystore
2. Started zookeeper with default settings
3. Made below changes in kafka server properties:
a. listeners=SSL://hostName:9092
b. ssl.keystore.location =/home/kafka_2.12-
2.2.0/kafka.server.keystore.jks
c. ssl.keystore.password =keystore
d. ssl.key.password =keystore
e. ssl.truststore.location =/home/kafka_2.12-
2.2.0/kafka.server.truststore.jks
f. ssl.truststore.password =keystore
g. ssl.endpoint.identification.algorithm=HTTPS
h. advertised.listeners=SSL://hostName:9092
i. inter.broker.listener.name=SSL
j. listener.security.protocol.map=SSL:SSL
After doing above steps, I was able to start kafka server and server got started. 完成上述步骤后,我能够启动kafka服务器并启动服务器。
Command bin/zookeeper-shell.sh localhost:2181 <<< "get /brokers/ids/0" gave below output that means broker id 0 was up and listening on
SSL://hostName:9092
Connecting to localhost:2181
Welcome to ZooKeeper!
JLine support is disabled
WATCHER::
WatchedEvent state:SyncConnected type:None path:null
{"listener_security_protocol_map":{"SSL":"SSL"},"endpoints":
["SSL://hostName:9092"]
,"jmx_port":-1,"host":null,"timestamp":"1559106754150"
,"port":-1,"version":4}
cZxid = 0x425
ctime = Wed May 29 10:42:34 IST 2019
mZxid = 0x425
mtime = Wed May 29 10:42:34 IST 2019
pZxid = 0x425
cversion = 0
dataVersion = 1
aclVersion = 0
ephemeralOwner = 0x1004d6fe052000a
dataLength = 159
numChildren = 0
But when I'm starting kafka producer to push data, I'm getting SSL handshake error on kafka server console 但是当我启动kafka生产者推送数据时,我在kafka服务器控制台上遇到了SSL握手错误
To start producer bin/kafka-console-producer.sh --broker-list hostName:9092 --topic test3 要启动生产者bin / kafka-console-producer.sh --broker-list hostName:9092 --topic test3
[2019-05-29 10:45:57,808] INFO [SocketServer brokerId=0] Failed
authentication with /101.101.101.101 (SSL handshake failed)
(org.apache.kafka.common.network.Selector)
[2019-05-29 10:45:58,143] INFO [SocketServer brokerId=0] Failed
authentication with /101.101.101.101 (SSL handshake failed)
(org.apache.kafka.common.network.Selector)
[2019-05-29 10:45:58,728] INFO [SocketServer brokerId=0] Failed
authentication with /101.101.101.101 (SSL handshake failed)
(org.apache.kafka.common.network.Selector)
[2019-05-29 10:45:59,613] INFO [SocketServer brokerId=0] Failed
authentication with /101.101.101.101 (SSL handshake failed)
(org.apache.kafka.common.network.Selector)
[2019-05-29 10:46:00,600] INFO [SocketServer brokerId=0] Failed
authentication with /101.101.101.101 (SSL handshake failed)
(org.apache.kafka.common.network.Selector)
[2019-05-29 10:46:01,688] INFO [SocketServer brokerId=0] Failed
authentication with /101.101.101.101 (SSL handshake failed)
(org.apache.kafka.common.network.Selector)
[2019-05-29 10:46:02,928] INFO [SocketServer brokerId=0] Failed
authentication with /101.101.101.101 (SSL handshake failed)
(org.apache.kafka.common.network.Selector)
Note: Kafka broker server and producer are on same host 注意:Kafka代理服务器和生产者位于同一主机上
Expecting Producer should push data to broker which is running on same localhost. 期望生产者应该将数据推送到在同一本地主机上运行的代理。 Consumer from another node should be able to consume. 来自另一个节点的消费者应该能够消费。 Data should be encrypted as we are enabling SSL 我们启用SSL时应加密数据
1 个解决方案
解决方案1
0 2019-05-31 09:48:06
was using single way handshaking. 正在使用单向握手。 Now got this issue resolved by implementing two way handshaking 现在通过实施双向握手解决了这个问题
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.