Hi, I'm trying to start kafka services using SASL_SSL. I am using SCRAM as the
authentication method. But I am getting error. Error details are attached.
org.apache.kafka.common.KafkaException:
org.apache.kafka.common.config.ConfigException: Invalid value
javax.net.ssl.SSLHandshakeException: No
___
From: sham singh
Sent: Thursday, December 21, 2017 4:06 PM
To: users@kafka.apache.org
Subject: Re: Kafka SSL error
Ted - i'm not seeing any difference in the Non-w
hello,
here is the update on this ..
seems the script ->
*/usr/hdp/2.5.3.0-37/kafka/bin/kafka-producer-perf-test.sh *
has an issue in SSL mode, it seems to not be able to recognize the
security-protocol=SSL & the config file passed i.e. when the truststore,
password is passed through the config f
Ted - i'm not seeing any difference in the Non-working & working clusters ..
Another thing, seem like there is some issue with the connectivity .. the
console consumer gets disconnected
/usr/hdp/2.5.3.0-37/kafka/bin/kafka-console-consumer.sh --new-consumer
--topic mmtest1 --bootstrap-server host1
Since you're using a Vendor's distro, can you post on their community page ?
BTW do you notice any difference in settings between the working cluster
and this cluster ?
Cheers
On Thu, Dec 21, 2017 at 12:27 PM, sham singh
wrote:
> Hello All -
> I'm getting this error, when publishing messages t
Hello All -
I'm getting this error, when publishing messages to Kafka topic using SSL
mode,
Command to publish messages :
*/usr/hdp/2.5.3.0-37/kafka/bin/kafka-producer-perf-test.sh --messages
100 --message-size 1000 --topics mmtest4 \*
*--broker-list :9093,:9093,:9093, \*
*--threads 1 --compr
Thanks Jakub .. for your inputs & help in this !
I was able to get this to work last week..
On Thu, Sep 21, 2017 at 12:22 AM, Jakub Scholz wrote:
> Hi,
>
> If you want the Kafka broker to present the whole chain you have to use the
> chain when creating the PKCS12 file (use the chain instead of
Hi,
If you want the Kafka broker to present the whole chain you have to use the
chain when creating the PKCS12 file (use the chain instead of the host
certificate). As you mentioned, the chain should be in the order 1) server
cert, 2) intermediate cert and 3) root cert. It will be then automatical
Another point ..
on adding the chain.p12 (PKCS#12 format) .. order of the certs in the
keystore is as shown below
Alias : 1
Cert[1] -> server cert
Cert[2] -> Intermediate cert
Cert[3] -> Root cert
mentioning that, since one of the articles i read mentioned that the certs
imported should be in fol
Hi Jakub,
Thanks for the detailed note...
here is the update ->
I was able to convert the host.cert.pem to PKCS#12 & import the cert into
the kafka.server.keystore.jks
(also into kafka.server.truststore.jks)
wrt the host.root.pem & host.intermed.pem certs - i'm assuming i need to
convert them to
ad 1) The problem is that the signed certificate (host.cert.pem) which the
CA provides is only the public key. You have to combine it with the private
key which you created when requesting the signed certificate. The private
key is never sent to the CA so they cannot provide it back. You or whoever
Hello
- thanks for the response
Here is the update on the issue.
I'm using certs signed/provided by org-wide CA (geotrust, not a self-signed
cert)
The Signed(by the CA - geotrust) cert provided has 3 certificates
- host.chain.pem (certificate chain - contains the Root, Intermediate,
Signed Server
Hi,
Looking at your commands it looks as if you generated a self signed key for
server, self signed key for client and then imported the CA keys public
keys into the truststores. I don’t think this will work because now you
have two different self signed keys in the keystores and the presumably th
Hello All -
I was able to set up SSL for the Kafka brokers, using OpenSSL.
however, I'm having issues with setting up SSL using the pem file (i.e. SSL
certificate - certified by CA, provided by the company)
Here is what i've done -
created the server/client keystore & truststore files and importe
14 matches
Mail list logo
