[ https://issues.apache.org/jira/browse/KAFKA-9354?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17011728#comment-17011728 ]
Agostino Sarubbo edited comment on KAFKA-9354 at 1/9/20 11:38 AM:
------------------------------------------------------------------

I discovered the origin of the issue:

While I'm trying to check the SubjectAlternativeName via:
'keytool -list -v -keystore $FILE'
I'm able to see all specified SANs.

While, from one of the Kafka machines, I'm trying to do:
openssl s_client -servername other.kafka.server -connect other.kafka.server:9093 | openssl x509 -noout -text | grep DNS
I don't see anything.

In the meantime, 'keytool -printcert -sslserver other.kafka.server:9093' shows the SAN.

Any idea?

was (Author: ago):
I discovered the origin of the issue:

While I'm trying to check the SubjectAlternativeName via:
'keytool -list -v -keystore $FILE'
I'm able to see all specified SANs.

While, from one of the Kafka machines, I'm trying to do:
openssl s_client -servername other.kafka.server -connect other.kafka.server:9093 | openssl x509 -noout -text | grep DNS
I don't see anything.

Any idea?

> SSL handshake failed without ssl.endpoint.identification.algorithm= and with
> a valid certificate and with security.inter.broker.protocol=SSL
> ----------------------------------------------------------------------------
>
>                 Key: KAFKA-9354
>                 URL: https://issues.apache.org/jira/browse/KAFKA-9354
>             Project: Kafka
>          Issue Type: Bug
>          Components: core
>    Affects Versions: 2.3.1
>         Environment: Centos 7
>            Reporter: Agostino Sarubbo
>            Priority: Major
>
> I tried to make an SSL setup but the documentation looks to be incomplete
> (See also: KAFKA-9308)
> I fixed the issue locally and now I'm able to see:
> SubjectAlternativeName [
>   DNSName: my.dns.com
> ]
>
> However it still fails to connect because of "SSL handshake failed
> (org.apache.kafka.clients.NetworkClient)"
> It happens only after I set security.inter.broker.protocol=SSL
> Am I missing something?