You can try two things. Instead of localhost, can you publish the kafka service on Hostname?
Since your client.auth is none, can you try removing keystore from the producer?

Regards,
Sunil.

On Fri, 7 Oct 2022 at 2:56 PM, Namita Jaokar <jaokarnami...@gmail.com> wrote:

> Hi All,
>
> I am trying to enable SSL in my kafka broker and have generated required
> certificates following the steps provided in the official documentation.
> I have also made changes in Kafka's server.properties to enable SSL. On
> starting zookeeper followed by kafka server startup, there are no errors in
> the logs in either of them.
> However, when I configured my spring-boot producer application and tried
> publishing the message, I am getting below error in the producer
> application
>
> *Producer application error log:*
>
> [Producer clientId=producer-1] Bootstrap broker localhost:9093 (id: -1 rack: null) disconnected
>
> [Producer clientId=producer-1] Connection to node -1 (localhost/127.0.0.1:9093) could not be established. Broker may not be available.
>
> Simultaneously, the kafka server as well gives below error
>
> *Kafka server log:*
>
> INFO [SocketServer listenerType=ZK_BROKER, nodeId=0] Failed authentication with /127.0.0.1 (SSL handshake failed) (org.apache.kafka.common.network.Selector)
>
> I have added below properties in my producer application for SSL
> Configuration:
>
> spring.kafka.bootstrap-servers: localhost:9092,localhost:9093
> spring.kafka.properties.ssl.endpoint.identification.algorithm:
> spring.kafka.properties.ssl.protocol: SSL
> spring.kafka.properties.ssl.trust-store-location: pathtocert/kafka.server.truststore.jks
> spring.kafka.properties.ssl.trust-store-password: mypassword
> spring.kafka.properties.ssl.key-store-location: pathtocert/kafka.server.keystore.jks
> spring.kafka.properties.ssl.key-store-password: mypassword
> spring.kafka.properties.ssl.key-password: mypassword
>
> Below are my server.properties configurations of kafka server to enable
> SSL.
>
> listeners=PLAINTEXT://:9092,SSL://localhost:9093
> advertised.listeners=PLAINTEXT://localhost:9092,SSL://localhost:9093
> ssl.endpoint.identification.algorithm=
> ssl.client.auth=none
> ssl.enabled.protocols=TLSv1.2,TLSv1.1,TLSv1.3,TLSv1
> ssl.keystore.type=jks
> ssl.truststore.type=jks
> ssl.keystore.location=pathtocert/kafka.server.keystore.jks
> ssl.keystore.password=mypassword
> ssl.key.password=password
> ssl.truststore.location=pathtocert/kafka.server.truststore.jks
> ssl.truststore.password=mypassword
> security.inter.broker.protocol = SSL
> listener.security.protocol.map=PLAINTEXT:PLAINTEXT,SSL:SSL
>
> Can someone please help me resolve the issue?
>
> Thanks & Regards,
>
> Namita
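
The two suggestions in the reply, together with a check of the producer's key names, written as a small cross-check of the two configurations. This is an added example and not part of the original thread; the function names, finding codes and the `KAFKA_KEYS` subset are choices made here, and it assumes entries under `spring.kafka.properties.*` are handed to the Kafka client unchanged.

```python
import re
from urllib.parse import urlsplit

# Settings copied from the quoted message (password lines omitted).
BROKER = """advertised.listeners=PLAINTEXT://localhost:9092,SSL://localhost:9093
ssl.client.auth=none"""
PRODUCER = """spring.kafka.bootstrap-servers: localhost:9092,localhost:9093
spring.kafka.properties.ssl.protocol: SSL
spring.kafka.properties.ssl.trust-store-location: pathtocert/kafka.server.truststore.jks
spring.kafka.properties.ssl.key-store-location: pathtocert/kafka.server.keystore.jks"""
# TLS-related key names defined by the Kafka client (subset used here).
KAFKA_KEYS = {"security.protocol", "ssl.protocol", "ssl.key.password",
              "ssl.endpoint.identification.algorithm",
              "ssl.truststore.location", "ssl.truststore.password",
              "ssl.keystore.location", "ssl.keystore.password"}
PREFIX = "spring.kafka.properties."  # assumption: entries below it reach the client as-is

def parse(text):
    """Parse 'key=value' or 'key: value' lines; keys never contain ':' or '='."""
    rows = [re.split(r"\s*[:=]\s*", ln.strip(), maxsplit=1)
            for ln in text.splitlines() if ln.strip() and not ln.startswith("#")]
    return {r[0]: (r[1] if len(r) > 1 else "") for r in rows}

def check(broker, producer):
    """Return (code, detail) findings for the broker/producer pair."""
    client = {k[len(PREFIX):]: v for k, v in producer.items() if k.startswith(PREFIX)}
    no_client_auth = broker.get("ssl.client.auth", "none") == "none"  # Kafka default
    findings = []
    for k in sorted(client):
        if k not in KAFKA_KEYS:
            findings.append(("not-a-kafka-key", k))
        # Broker requests no client certificate, so producer key material is unused.
        if no_client_auth and k.replace("-", "").startswith("ssl.key"):
            findings.append(("keystore-not-needed", k))
    # Without security.protocol the Kafka client defaults to PLAINTEXT.
    if "security.protocol" not in client and "spring.kafka.security.protocol" not in producer:
        findings.append(("security-protocol-unset", "client default is PLAINTEXT"))
    for listener in broker.get("advertised.listeners", "").split(","):
        url = urlsplit(listener.strip())
        if url.hostname in ("localhost", "127.0.0.1"):
            findings.append(("localhost-listener", f"{url.scheme.upper()}:{url.port}"))
    return findings

if __name__ == "__main__":
    for code, detail in check(parse(BROKER), parse(PRODUCER)):
        print(f"{code:24} {detail}")
```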