Subject: Certificate request not coming mtls

2021-06-24 Thread Anjali Sharma
Can you please help with this? While trying for mtls ssl.client.aut=required, server side in certificate request the DN are for some junk certificates which we have not deployed on server

Certificate request not coming mtls

2021-06-24 Thread Anjali Sharma
Can you please help with this? While trying for mtls ssl.client.aut=required, server side in certificate request the DN are for some junk certificates which we have not deployed on server

Re: Mtls not working

2021-06-24 Thread Ran Lupovich
Can you share your listeners properties from server.properties? On Thu, Jun 24, 2021, 19:49, Anjali Sharma <sharma.anjali.2...@gmail.com> wrote: > But in the pcap I am able to see that it is taking some junk certificates > from client side > > On Thu, Jun 24, 2021, 21:58 Ran Lupovich wrot

Re: Mtls not working

2021-06-24 Thread Anjali Sharma
But in the pcap I am able to see that it is taking some junk certificates from client side On Thu, Jun 24, 2021, 21:58 Ran Lupovich wrote: > Make sure that the date and time on the server is correct (The wrong time > will cause the SSL certificate connection to fail). > > On Thu, Jun 24

Re: Mtls not working

2021-06-24 Thread Ran Lupovich
Make sure that the date and time on the server is correct (The wrong time will cause the SSL certificate connection to fail). On Thu, Jun 24, 2021, 19:18, Anjali Sharma <sharma.anjali.2...@gmail.com> wrote: > openssl s_client -connect 10.54.65.99:28105 > socket: Bad file descriptor > conn

Re: Mtls not working

2021-06-24 Thread Anjali Sharma
openssl s_client -connect 10.54.65.99:28105 socket: Bad file descriptor connect:errno=9 This is the output we are getting On Thu, Jun 24, 2021 at 6:04 PM Shilin Wu wrote: > I think your port may not even be enabled with SSL. > > do this > "openssl s_client -connect :" > and show the result ? >

Re: How to avoid storing password in clear text in server.properties file

2021-06-24 Thread Dhirendra Singh
Thanks Tom! It worked for me. Such an important feature is missing documentation. Thanks, Dhirendra. On Tue, Jun 22, 2021 at 2:06 PM Tom Bentley wrote: > It was done in KIP-421 > < > https://cwiki.apache.org/confluence/pages/viewpage.action?pageId=100829515 > >, > though I guess it's not reall

Re: Question about Kafka ACL

2021-06-24 Thread Shilin Wu
You should investigate why person-b can create user and grant ACLs. Here might be some good reading on ACL related setup: https://docs.confluent.io/platform/current/kafka/authorization.html

Re: Kafka 2.8.0 installation guide and pre-requisite details

2021-06-24 Thread Shilin Wu
Does this help? https://kafka.apache.org/documentation/#upgrade Since your version is somewhat old, you may have to follow the complete upgrade process, which could be painful. Alternatively, if you can set up a concurrently running new cluster in 2.8 and slowly move workload over, it might be eas

Re: vulnerabilities

2021-06-24 Thread Shilin Wu
I will try to report this as well. Thanks for pointing it out!

Re: Mtls not working

2021-06-24 Thread Shilin Wu
I think your port may not even be enabled with SSL. do this "openssl s_client -connect :" and show the result ?

Re: Mtls not working

2021-06-24 Thread Anjali Sharma
This is the error we are getting [2021-06-22 10:59:45,049] ERROR [Consumer clientId=consumer-1, groupId=test-consumer-group] Connection to node -1 failed authentication due to: SSL handshake failed (org.apache.kafka.clients.NetworkClient) [2021-06-22 10:59:45,051] ERROR Authentication failed: t

Re: Mtls not working

2021-06-24 Thread Shilin Wu
You need to make sure the following one by one... Or you can post the message of error here so we can see exact error.
> > > > > 1. Client trust store need to trust the server cert's issuer cert (AKA the CA cert)
> > > > > 2. The client must have a keystore that can be trust

Re: Mtls not working

2021-06-24 Thread Anjali Sharma
Thanks for this but we are trying to do this on command line but getting this bad certificate error On Thu, Jun 24, 2021, 17:52 Shilin Wu wrote: > you may do openssl s_client -connect kafkahost:port to dump the cert. > > See if the cert makes sense. > > To test if your SSL works, you may try use

Re: Mtls not working

2021-06-24 Thread Shilin Wu
you may do openssl s_client -connect kafkahost:port to dump the cert. See if the cert makes sense. To test if your SSL works, you may try use this java program to test if you have SSL trust issue - if it connects ok, the cert trust is mostly to be okay. (remember to change your host name in code,

Re: Mtls not working

2021-06-24 Thread Anjali Sharma
Had added those configuration but still seeing only junk certificates from client side ? Any idea how to solve? Thanks Anjali On Thu, Jun 24, 2021, 17:44 Shilin Wu wrote: > ssl.truststore.location=/root/truststore.jks > > ssl.truststore.type=JKS > > ssl.truststore.password=changeme > > ssl.key

Re: Mtls not working

2021-06-24 Thread Shilin Wu
ssl.truststore.location=/root/truststore.jks
ssl.truststore.type=JKS
ssl.truststore.password=changeme
ssl.keystore.location=/root/alice.jks
ssl.keystore.type=JKS
ssl.keystore.password=changeme
security.protocol=SSL
bootstrap.server=cp-kafka1:9093
ssl.endpoint.identification.algorithm=https

Re: [ANNOUNCE] New Kafka PMC Member: Konstantine Karantasis

2021-06-24 Thread Anastasios Lisgaras
Congratulations Konstantine and thank you for your contribution! I wish you the best! On 6/21/21 6:28 PM, Mickael Maison wrote: Hi, It's my pleasure to announce that Konstantine Karantasis is now a member of the Kafka PMC. Konstantine has been a Kafka committer since Feb 2020. He has remained