[
https://issues.apache.org/jira/browse/KAFKA-12228?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alexey Kashavkin resolved KAFKA-12228.
--------------------------------------
Resolution: Not A Bug
> Kafka won't start with PEM certificate
> --------------------------------------
>
> Key: KAFKA-12228
> URL: https://issues.apache.org/jira/browse/KAFKA-12228
> Project: Kafka
> Issue Type: Bug
> Components: clients
> Affects Versions: 2.7.0
> Reporter: Alexey Kashavkin
> Priority: Major
> Attachments: kafka.log
>
>
> I found that Kafka 2.7.0 supports PEM certificates and I decided to try
> setting up the broker with a DigiCert SSL certificate. I used the new options
> and did everything as in the example in
> [KIP-651|https://cwiki.apache.org/confluence/display/KAFKA/KIP-651+-+Support+PEM+format+for+SSL+certificates+and+private+key].
> But I get the error:
> {code:bash}
> [2021-01-20 17:54:55,787] ERROR [KafkaServer id=0] Fatal error during KafkaServer startup. Prepare to shutdown (kafka.server.KafkaServer)
> org.apache.kafka.common.config.ConfigException: Invalid value javax.net.ssl.SSLHandshakeException: no cipher suites in common for configuration A client SSLEngine created with the provided settings can't connect to a server SSLEngine created with those settings.
>     at org.apache.kafka.common.security.ssl.SslFactory.configure(SslFactory.java:98)
>     at org.apache.kafka.common.network.SslChannelBuilder.configure(SslChannelBuilder.java:72)
>     at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:157)
>     at org.apache.kafka.common.network.ChannelBuilders.serverChannelBuilder(ChannelBuilders.java:97)
>     at kafka.network.Processor.<init>(SocketServer.scala:790)
>     at kafka.network.SocketServer.newProcessor(SocketServer.scala:415)
>     at kafka.network.SocketServer.$anonfun$addDataPlaneProcessors$1(SocketServer.scala:288)
>     at kafka.network.SocketServer.addDataPlaneProcessors(SocketServer.scala:287)
>     at kafka.network.SocketServer.$anonfun$createDataPlaneAcceptorsAndProcessors$1(SocketServer.scala:254)
>     at kafka.network.SocketServer.$anonfun$createDataPlaneAcceptorsAndProcessors$1$adapted(SocketServer.scala:251)
>     at scala.collection.IterableOnceOps.foreach(IterableOnce.scala:553)
>     at scala.collection.IterableOnceOps.foreach$(IterableOnce.scala:551)
>     at scala.collection.AbstractIterable.foreach(Iterable.scala:920)
>     at kafka.network.SocketServer.createDataPlaneAcceptorsAndProcessors(SocketServer.scala:251)
>     at kafka.network.SocketServer.startup(SocketServer.scala:125)
>     at kafka.server.KafkaServer.startup(KafkaServer.scala:303)
>     at kafka.server.KafkaServerStartable.startup(KafkaServerStartable.scala:44)
>     at kafka.Kafka$.main(Kafka.scala:82)
>     at kafka.Kafka.main(Kafka.scala)
> {code}
> Java is used:
> {code:bash}
> openjdk version "1.8.0_272"
> OpenJDK Runtime Environment (build 1.8.0_272-b10)
> OpenJDK 64-Bit Server VM (build 25.272-b10, mixed mode)
> {code}
> OS is CentOS 7.8.2003
> _openssl x509 -in certificate.pem -text :_
> {code:java}
> Certificate:
> ...
> Signature Algorithm: ecdsa-with-SHA384
> ...
> Subject Public Key Info:
> Public Key Algorithm: id-ecPublicKey
> Public-Key: (256 bit)
> {code}
> Log is attached.