Are you using any of the advertised.* configs by any chance? If so, you have to use advertised.listeners only; the other ones will only advertise a PLAINTEXT listener.
Ismael

On Fri, May 13, 2016 at 12:24 AM, Mayuresh Gharat <gharatmayures...@gmail.com> wrote:

> Thanks a lot Ismael :)
>
> Was able to get past it.
>
> Now trying to figure out from broker logs:
>
> INFO [KafkaApis] [kafka-request-handler-0] [kafka-server] [] [KafkaApi-0] Auto creation of topic testToic_1 with 8 partitions and replication factor 1 is successful!
> [KafkaApis] [kafka-request-handler-0] [kafka-server] [] [KafkaApi-0] Error when handling request Name: TopicMetadataRequest; Version: 0; CorrelationId: 0; ClientId: producer-1; Topics: testToic_1
> kafka.common.BrokerEndPointNotAvailableException: End point SSL not found for broker 0
>
> Thanks,
>
> Mayuresh
>
> On Thu, May 12, 2016 at 2:40 PM, Ismael Juma <ism...@juma.me.uk> wrote:
>
> > Hi Mayuresh,
> >
> > You need to enable client authentication by setting `ssl.client.auth` to
> > `required` or `requested` (I suggest the former).
> >
> > Ismael
> >
> > On Thu, May 12, 2016 at 10:35 PM, Mayuresh Gharat <gharatmayures...@gmail.com> wrote:
> >
> > > Hi, I am trying to establish an SSL connection from kafkaProducer and send
> > > certificate to the Kafka Broker.
> > >
> > > I deploy my kafka broker locally running 2 ports:
> > > *listeners = PLAINTEXT://:9092,SSL://:16637 *
> > >
> > > *My KafkaBroker SSL configs look like this :*
> > >
> > > ssl.protocol = TLS
> > > ssl.trustmanager.algorithm = SunX509
> > > ssl.keymanager.algorithm = SunX509
> > > ssl.keystore.type = VALUE1
> > > ssl.keystore.location = /a/b/c
> > > ssl.keystore.password = xyz
> > > ssl.key.password = xyz
> > > ssl.truststore.type = JKS
> > > ssl.truststore.location = /u/v/w
> > > ssl.truststore.password = 123
> > >
> > > I run my producer locally on the same linux box as my KafkaBroker.
> > > My produce command looks like this:
> > >
> > > *bin/kafka-producer-perf-test.sh --num-records 10 --topic testToic_1
> > > --record-size 10 --throughput 1 --producer-props *
> > > bootstrap.servers = localhost://:16637
> > > security.protocol = SSL
> > > ssl.protocol = TLS
> > > ssl.trustmanager.algorithm = SunX509
> > > ssl.keymanager.algorithm = SunX509
> > > ssl.keystore.type = VALUE1
> > > ssl.keystore.location = /a/b/c
> > > ssl.keystore.password = xyz
> > > ssl.key.password = xyz
> > > ssl.truststore.type = JKS
> > > ssl.truststore.location = /u/v/w
> > > ssl.truststore.password = 123
> > >
> > > On kafka broker, when I do inside buildPrincipal() api of PrincipalBuilder
> > >
> > > SSLSession session = ((SslTransportLayer)transportLayer).sslSession();
> > > session.getPeerCertificates()
> > >
> > > I get:
> > > *org.apache.kafka.common.KafkaException:
> > > javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated*
> > >
> > > I ran this command as listed here
> > > http://kafka.apache.org/documentation.html#security_ssl :
> > >
> > > *openssl s_client -debug -connect localhost:16637 -tls1*
> > >
> > > and was able to see the certificate.
> > >
> > > I am not able to understand the peer not authenticated exception here.
> > > Am I missing any SSL config on producer request?
> > >
> > > --
> > > -Regards,
> > > Mayuresh R. Gharat
> > > (862) 250-7125
>
> --
> -Regards,
> Mayuresh R. Gharat
> (862) 250-7125
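
The two broker-side causes discussed in this thread (legacy advertised.* settings hiding the SSL endpoint, and client authentication left off so no peer certificate reaches buildPrincipal()) can be checked mechanically before a broker is started. The following is an added example, not part of the original thread or of Kafka itself: the function names, finding codes and sample configs are assumptions, and it relies on advertised.host.name / advertised.port being the legacy keys meant by "the other ones" and on ssl.client.auth defaulting to none.

```python
LEGACY_ADVERTISED = ("advertised.host.name", "advertised.port")

def parse_properties(text):
    """Parse 'key = value' lines, skipping blanks and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def protocols(listeners):
    """'PLAINTEXT://:9092,SSL://:16637' -> {'PLAINTEXT', 'SSL'}"""
    return {e.split("://", 1)[0].strip().upper()
            for e in listeners.split(",") if e.strip()}

def lint_broker_config(text):
    """Return finding codes for a broker config that defines an SSL listener."""
    props = parse_properties(text)
    if "SSL" not in protocols(props.get("listeners", "")):
        return []
    findings = []
    # Legacy keys only ever advertise a PLAINTEXT endpoint.
    if any(k in props for k in LEGACY_ADVERTISED):
        findings.append("legacy-advertised-config")
    adv = props.get("advertised.listeners")
    if adv is not None and "SSL" not in protocols(adv):
        findings.append("ssl-listener-not-advertised")
    # Without required/requested the broker never asks for a client certificate.
    if props.get("ssl.client.auth", "none").lower() not in ("required", "requested"):
        findings.append("client-auth-disabled")
    return findings

# Constructed sample configs (hostnames are placeholders, not from the thread).
BEFORE = """
listeners = PLAINTEXT://:9092,SSL://:16637
advertised.host.name = broker0.example.test
advertised.port = 9092
"""
AFTER = """
listeners = PLAINTEXT://:9092,SSL://:16637
advertised.listeners = PLAINTEXT://broker0.example.test:9092,SSL://broker0.example.test:16637
ssl.client.auth = required
"""

if __name__ == "__main__":
    print("before:", lint_broker_config(BEFORE))
    print("after: ", lint_broker_config(AFTER))
```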