"failed authentication due to: SSL handshake failed" --> Ensure you have keys, certificates and CA certificates in place; are the brokers connecting to each other, to rule out an issue on the broker side?

"javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?" --> Do you have security.inter.broker.protocol=SSL for broker communication?


Jose Manuel Vega Monroy
Java Developer / Software Developer Engineer in Test
Direct: +0035 0 2008038 (Ext. 8038)
Email: jose.mon...@williamhill.com
William Hill | 6/1 Waterport Place | Gibraltar | GX11 1AA




On 11/08/2020, 17:09, "Павел Шевцов" <paulshevt...@gmail.com> wrote:


    I configured Kafka to work over SSL without authorization.
    I rebooted Kafka and I get a certificate on a test connection.
    (openssl s_client -connect <hostname>:9093)

    But when I try to connect with the producer, I get an error - "failed authentication due to: SSL handshake failed (org.apache.kafka.clients.NetworkClient)"
    I added debugs (export KAFKA_OPTS="-Djavax.net.debug=ssl") and I get a message (javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?)

    My kafka server.properties
    ---------------
    broker.id=10
    listeners=PLAINTEXT://0.0.0.0:9092,SSL://0.0.0.0:9093
    advertised.listeners=PLAINTEXT://<hostname>:9092,SSL://<hostname>:9093

    <skip>

    ssl.keystore.location=/etc/ssl/kafka/kafka.server.keystore.jks
    ssl.keystore.password=<secret>
    ssl.key.password=<secret>
    ssl.truststore.location=/etc/ssl/kafka/kafka.server.truststore.jks
    ssl.truststore.password=<secret>
    ssl.endpoint.identification.algorithm=
    <skip>
    --------------------

    Command to use producer
    /usr/local/kafka/bin/kafka-console-producer.sh --broker-list <hostname>:9093 --topic kafka-security-topic --producer.config /root/client-ssl/client.properties

    client.properties
    --------------
    security.protocol=SSL
    ssl.truststore.location=/root/client-ssl/kafka.client.truststore.jks
    ssl.truststore.password=clientpass
    ------------

    Kafka version - 2.13-2.6.0

    Any ideas?
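
An added example, not part of the thread or of Kafka itself: a small Python lint for the two questions raised in the reply (keystore settings in place, and which protocol brokers and clients speak on each listener), run over properties constructed from the ones quoted above. The function names are hypothetical, and it assumes listener names equal protocol names (no custom listener.security.protocol.map).

```python
# Added example (not from the thread): lint Kafka properties for SSL/PLAINTEXT mismatches.
BROKER = """\
listeners=PLAINTEXT://0.0.0.0:9092,SSL://0.0.0.0:9093
ssl.keystore.location=/etc/ssl/kafka/kafka.server.keystore.jks
ssl.keystore.password=<secret>
"""  # constructed from the server.properties lines quoted in the thread
CLIENT = "security.protocol=SSL\n"  # from the quoted client.properties

def parse_props(text):
    """Parse key=value lines of a Java .properties file, skipping comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def listener_ports(props):
    """Map port -> listener name. Assumes listener names are protocol names,
    i.e. no custom listener.security.protocol.map."""
    ports = {}
    for entry in props.get("listeners", "").split(","):
        if "://" in entry:
            name, addr = entry.strip().split("://", 1)
            ports[int(addr.rsplit(":", 1)[1])] = name.upper()
    return ports

def lint(broker_text, client_text, client_port):
    """Return a list of findings for the broker/client pair."""
    broker, client = parse_props(broker_text), parse_props(client_text)
    ports, findings = listener_ports(broker), []
    if "SSL" in ports.values():
        for key in ("ssl.keystore.location", "ssl.keystore.password"):
            if not broker.get(key):
                findings.append(f"SSL listener but {key} is not set")
    # Kafka defaults both settings below to PLAINTEXT when they are absent.
    inter = broker.get("security.inter.broker.protocol", "PLAINTEXT")
    if inter not in ports.values():
        findings.append(f"inter-broker protocol {inter} has no listener")
    elif inter == "PLAINTEXT" and "SSL" in ports.values():
        findings.append("inter-broker traffic is PLAINTEXT")
    have = client.get("security.protocol", "PLAINTEXT")
    want = ports.get(client_port)
    if want is None:
        findings.append(f"no listener on port {client_port}")
    elif want != have:
        findings.append(f"client speaks {have} to {want} port {client_port}")
    return findings
```

Calling `lint(BROKER, CLIENT, 9093)` on the quoted settings reports only that inter-broker traffic is left at the PLAINTEXT default; pointing the same client at port 9092 reports a protocol mismatch on that listener.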



