Hey Walchester, There's a confluent community slack Workspace having a #security channel where you can post your question. Also, have you filed a bug in AK JIRA which can also help you get the traction of some of the community members who have expertise in this area.
Thanks! Sagar. On Thu, Oct 19, 2023 at 11:52 AM Walchester Gaw <w...@iqbackoffice.com> wrote: > Hello. > > Is there something like a community page for Kafka where I can reach out to > the community where hopefully someone with a similar setup can help? > > Thanks, > Chester > > > On Thu, Oct 12, 2023 at 10:48 AM Walchester Gaw <w...@iqbackoffice.com> > wrote: > > > Hello. > > > > I am trying to implement Quorum TLS by following the instructions in > > https://zookeeper.apache.org/doc/r3.5.7/zookeeperAdmin.html#Quorum+TLS, > > but I keep on encountering the following errors after doing the second > > rolling restart where sslQuorum set to true. > > > > - [2023-10-11 05:46:03,250] WARN Cannot open channel to 3 at election > > address /xxx.xx.xx.xxx:xxxx ( > > org.apache.zookeeper.server.quorum.QuorumCnxManager) > > javax.net.ssl.SSLHandshakeException: Received fatal alert: > > handshake_failure > > - [2023-10-11 05:47:12,513] WARN Closing connection to /xxx.xx.xx. > > xxx:xxxx (org.apache.zookeeper.server.NettyServerCnxn) > > java.io.IOException: ZK down > > > > Our current Cluster setup consists of 3 Linux servers (Amazon EC2 > > instances) which contains one Zookeeper and Broker for each server. I > have > > tried using Private IP DNS name and Public IPv4 DNS as the alias and > > distinguished name when generating the self signed certificate for each > of > > the servers. For the generation of CA key and CA certificate, I used the > > Private IP DNS name and Public IPv4 DNS of one the servers as the common > > name respectively. Do note I am generating all keystores/truststore in > just > > one server (this server's IP is indicated in CA key and CA cert) and > > distributing them accordingly. > > > > I made sure that all ZK is up and running when I am getting the ZK down > > issue and I am getting that error for all three ZKs. I can also confirm > > that the file path indicated in the zookeeper.properties where the > keystore > > and truststore is located is correct. > > > > Can someone assist regarding this? What am I missing here? Let me know > if > > you need more information. > > > > I am also unsure if there is something like a community page for Kafka > > where I can reach out to the community where hopefully someone with a > > similar setup can help. > > > > Thanks, > > Chester > > >
