
Getting SSL handshake error while Enabling SSL in KAFKA

I'm getting "SSL handshake failed" when I start the producer to push data. I made the settings below:

1.  Followed steps as per https://docs.confluent.io/2.0.0/kafka/ssl.html to create keystore
2.  Started zookeeper with default settings
3.  Made below changes in kafka server properties:
    a.  listeners=SSL://hostName:9092
    b.  ssl.keystore.location =/home/kafka_2.12-2.2.0/kafka.server.keystore.jks
    c.  ssl.keystore.password =keystore
    d.  ssl.key.password =keystore
    e.  ssl.truststore.location =/home/kafka_2.12-2.2.0/kafka.server.truststore.jks
    f.  ssl.truststore.password =keystore
    g.  ssl.endpoint.identification.algorithm=HTTPS
    h.  advertised.listeners=SSL://hostName:9092
    i.  inter.broker.listener.name=SSL
    j.  listener.security.protocol.map=SSL:SSL

After doing above steps, I was able to start kafka server and server got started.

Command bin/zookeeper-shell.sh localhost:2181 <<< "get /brokers/ids/0" gave below output that means broker id 0 was up and listening on SSL://hostName:9092

Connecting to localhost:2181
Welcome to ZooKeeper!
JLine support is disabled
WATCHER::
WatchedEvent state:SyncConnected type:None path:null
{"listener_security_protocol_map":{"SSL":"SSL"},"endpoints":["SSL://hostName:9092"],"jmx_port":-1,"host":null,"timestamp":"1559106754150","port":-1,"version":4}
cZxid = 0x425
ctime = Wed May 29 10:42:34 IST 2019
mZxid = 0x425
mtime = Wed May 29 10:42:34 IST 2019
pZxid = 0x425
cversion = 0
dataVersion = 1
aclVersion = 0
ephemeralOwner = 0x1004d6fe052000a
dataLength = 159
numChildren = 0

But when I'm starting kafka producer to push data, I'm getting SSL handshake error on kafka server console

To start producer bin/kafka-console-producer.sh --broker-list hostName:9092 --topic test3

[2019-05-29 10:45:57,808] INFO [SocketServer brokerId=0] Failed authentication with /101.101.101.101 (SSL handshake failed) (org.apache.kafka.common.network.Selector)
[2019-05-29 10:45:58,143] INFO [SocketServer brokerId=0] Failed authentication with /101.101.101.101 (SSL handshake failed) (org.apache.kafka.common.network.Selector)
[2019-05-29 10:45:58,728] INFO [SocketServer brokerId=0] Failed authentication with /101.101.101.101 (SSL handshake failed) (org.apache.kafka.common.network.Selector)
[2019-05-29 10:45:59,613] INFO [SocketServer brokerId=0] Failed authentication with /101.101.101.101 (SSL handshake failed) (org.apache.kafka.common.network.Selector)
[2019-05-29 10:46:00,600] INFO [SocketServer brokerId=0] Failed authentication with /101.101.101.101 (SSL handshake failed) (org.apache.kafka.common.network.Selector)
[2019-05-29 10:46:01,688] INFO [SocketServer brokerId=0] Failed authentication with /101.101.101.101 (SSL handshake failed) (org.apache.kafka.common.network.Selector)
[2019-05-29 10:46:02,928] INFO [SocketServer brokerId=0] Failed authentication with /101.101.101.101 (SSL handshake failed) (org.apache.kafka.common.network.Selector)

Note: Kafka broker server and producer are on same host

Expected: the producer should push data to the broker, which is running on the same localhost. A consumer from another node should be able to consume. Data should be encrypted, as we are enabling SSL.

I was using single-way handshaking. Now got this issue resolved by implementing two-way handshaking.
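
An added example, not part of the original post or of Kafka: a small lint that compares a broker's properties with a client's and reports the TLS mismatches that surface on the broker as "SSL handshake failed". The client property sets, their `/path/to/...` placeholders and the `ssl.client.auth=required` broker variant are constructed; it relies on Kafka's defaults of `security.protocol=PLAINTEXT` for clients and `ssl.client.auth=none` for brokers.

```python
def parse_properties(text):
    """Parse Java .properties text; tolerates spaces around '=' as in the post."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def listener_protocols(broker):
    """Map each listener name in `listeners` to its security protocol."""
    pmap = dict(p.strip().split(":", 1)
                for p in broker.get("listener.security.protocol.map", "").split(",") if ":" in p)
    names = [l.split("://", 1)[0].strip()
             for l in broker.get("listeners", "").split(",") if l.strip()]
    return {n: pmap.get(n, n) for n in names}

def lint(broker, client):
    """Return human-readable TLS mismatches between a broker and a client config."""
    findings = []
    offered = set(listener_protocols(broker).values())
    proto = client.get("security.protocol", "PLAINTEXT")  # Kafka client default
    if proto not in offered:
        findings.append(f"client security.protocol={proto}, broker offers {sorted(offered)}")
    if proto == "SSL":
        if "ssl.truststore.location" not in client:
            findings.append("client has no ssl.truststore.location")
        # Two-way TLS: broker ssl.client.auth defaults to "none" when unset.
        if broker.get("ssl.client.auth", "none") == "required" and "ssl.keystore.location" not in client:
            findings.append("broker requires a client certificate, client has no ssl.keystore.location")
    return findings

# Broker settings as posted (spaces before '=' kept); client sets are constructed.
BROKER = parse_properties("""
listeners=SSL://hostName:9092
ssl.keystore.location =/home/kafka_2.12-2.2.0/kafka.server.keystore.jks
ssl.truststore.location =/home/kafka_2.12-2.2.0/kafka.server.truststore.jks
inter.broker.listener.name=SSL
listener.security.protocol.map=SSL:SSL
""")
NO_CLIENT_CONFIG = {}  # producer started with only --broker-list and --topic
ONE_WAY = parse_properties("security.protocol=SSL\nssl.truststore.location=/path/to/client.truststore.jks")
TWO_WAY = dict(ONE_WAY, **{"ssl.keystore.location": "/path/to/client.keystore.jks"})

if __name__ == "__main__":
    for name, client in [("no config", NO_CLIENT_CONFIG), ("one-way", ONE_WAY), ("two-way", TWO_WAY)]:
        print(name, lint(dict(BROKER, **{"ssl.client.auth": "required"}), client))
```

A client properties file like the constructed ones is passed to `kafka-console-producer.sh` with `--producer.config`.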
