You should verify a proper chain of validation. Is your private CA cert in your trust store?

On Thu, 22 Aug 2019, 14:40 Antony A <antonyaugus...@gmail.com> wrote:

> Hi,
>
> I was able to get the broker running if I used a CA created as shown in
> the example below. https://kafka.apache.org/documentation/#security_ssl
>
> The issue I am facing is when I used my internal CA. Not sure what I am
> missing when I am creating the certificate.
>
> Thanks.
>
> Sent from my iPhone
>
> > On Aug 21, 2019, at 10:16 PM, Pere Urbón Bayes <pere.ur...@gmail.com> wrote:
> >
> > Hi,
> > the error looks like a missing configuration value. A good source of
> > examples of how to set up security can be found at
> > https://github.com/purbon/kafka-security-playbook or
> > https://docs.confluent.io/current/kafka/authentication_ssl.html.
> >
> > I would verify them and see if you're using the same configuration and
> > properly set up certificate stores.
> >
> > I hope it helps,
> >
> > -- Pere
> >
> >> On Thu, 22 Aug 2019, 05:49 Antony A <antonyaugus...@gmail.com> wrote:
> >>
> >> Hi,
> >>
> >> I have followed the steps to secure the brokers using SSL. I have signed
> >> the server certificate using internal CA. I have the keystore with server
> >> certificate, private key and the CA. Also the truststore has only the CA.
> >>
> >> Unfortunately I am unable to start the broker with the following server
> >> properties
> >>
> >> isteners=SSL://:9092
> >> security.inter.broker.protocol=SSL
> >> ssl.client.auth=required
> >>
> >> ssl.truststore.location=/tmp/kafka.server.truststore.jks
> >> ssl.truststore.password=password
> >> ssl.keystore.location=/tmp/kafka.server.keystore.jks
> >> ssl.keystore.password=password
> >> ssl.key.password=password
> >>
> >> # ACLs
> >> authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
> >> super.users=User:kafkabroker
> >>
> >>
> >> Here is the error in the logs
> >>
> >> org.apache.kafka.common.KafkaException:
> >> org.apache.kafka.common.config.ConfigException: Invalid value
> >> javax.net.ssl.SSLHandshakeException: General SSLEngine problem for
> >> configuration A client SSLEngine created with the provided settings can't
> >> connect to a server SSLEngine created with those settings.
> >>
> >> Any pointers on what to do?
> >>
> >> Thanks,
> >> Antony
> >>
> >> PS: Kafka Version 2.3
> >>
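
One way to run the chain check suggested at the top of this thread, as an added example that is not from any of the posters. It goes slightly further than the question of whether the CA is in the truststore: it validates the broker certificate for both TLS roles, because the error above is about a client SSLEngine and a server SSLEngine built from the same settings. The PEM file names, the `chain_ok`, `broker_cert_ok`, `make_demo` and `report` helpers, and the throwaway demo PKI are all assumptions constructed for the illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the thread). Inputs are PEM files, assumed to have been
# exported from the JKS stores first, e.g. keytool -exportcert -rfc -alias <alias> ...

# chain_ok CA_PEM CERT_PEM PURPOSE: succeeds only if CERT_PEM validates against
# CA_PEM for the given TLS role (sslserver or sslclient).
chain_ok() {
    openssl verify -CAfile "$1" -purpose "$3" "$2" >/dev/null 2>&1
}

# broker_cert_ok CA_PEM CERT_PEM: with security.inter.broker.protocol=SSL and
# ssl.client.auth=required the broker certificate has to pass in both roles.
broker_cert_ok() {
    chain_ok "$1" "$2" sslserver && chain_ok "$1" "$2" sslclient
}

# make_demo DIR: constructed sample PKI (throwaway keys, 1-day validity).
make_demo() {
    local d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Internal CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Unrelated CA" \
        -keyout "$d/other.key" -out "$d/other.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=broker1.example.internal" \
        -keyout "$d/broker.key" -out "$d/broker.csr" 2>/dev/null
    # Certificate with no extendedKeyUsage restriction: usable in both roles.
    openssl x509 -req -in "$d/broker.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/broker.pem" 2>/dev/null
    # Same request, but the issued certificate is restricted to serverAuth.
    printf 'extendedKeyUsage=serverAuth\n' > "$d/ext.cnf"
    openssl x509 -req -in "$d/broker.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -extfile "$d/ext.cnf" -out "$d/server_only.pem" 2>/dev/null
}

report() {  # report LABEL CA_PEM CERT_PEM
    if broker_cert_ok "$2" "$3"; then echo "$1: OK"; else echo "$1: FAIL"; fi
}

demo=$(mktemp -d)
make_demo "$demo"
report "signed by truststore CA"     "$demo/ca.pem"    "$demo/broker.pem"
report "signed by a different CA"    "$demo/other.pem" "$demo/broker.pem"
report "serverAuth-only certificate" "$demo/ca.pem"    "$demo/server_only.pem"
rm -rf "$demo"
```

Against real stores, pass the CA certificate exported from the truststore and the broker certificate exported from the keystore to `broker_cert_ok`; if an intermediate CA signed the broker certificate, it has to be part of the CA file as well.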