Posted to commits@pulsar.apache.org by GitBox <gi...@apache.org> on 2021/12/16 08:40:57 UTC
[GitHub] [pulsar] xiasf commented on issue #13283: websocket when ssl tsl is enabled, error reported: Error during handshake
xiasf commented on issue #13283:
URL: https://github.com/apache/pulsar/issues/13283#issuecomment-995556861
❤ Thank you very much. It is already solved. It was a configuration problem, but also because the documentation is not clear enough.
These points solved my problem:
1. `bin/pulsar standalone` will not use websocket.conf
2. The ws client trusts the CA root certificate and is set not to verify the host name
```python
import websocket
ws = websocket.WebSocket(sslopt={'ca_certs': '/root/my-ca6/certs/ca.cert.pem', "check_hostname": False})
```
3. Note the difference between server certificate and client certificate issuance: `-extensions server_cert` or `-extensions usr_cert`
4. If `tlsRequireTrustedClientCertOnConnect=true` is enabled, this configuration is required:
client.conf
```
authPlugin=org.apache.pulsar.client.impl.auth.AuthenticationTls
authParams={"tlsCertFile":"/root/my-ca6/admin.cert.pem","tlsKeyFile":"/root/my-ca6/admin.key-pk8.pem"}
```
standalone.conf
```
brokerClientTlsEnabled=true
brokerClientAuthenticationPlugin=org.apache.pulsar.client.impl.auth.AuthenticationTls
brokerClientAuthenticationParameters={"tlsCertFile":"/root/my-ca6/admin.cert.pem","tlsKeyFile":"/root/my-ca6/admin.key-pk8.pem"}
brokerClientTrustCertsFilePath=/root/my-ca6/certs/ca.cert.pem
```
Related documents:
https://pulsar.apache.org/docs/en/next/security-tls-authentication/
https://github.com/apache/pulsar/issues/5598
https://github.com/apache/pulsar/issues/12313
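
The settings listed in point 4 can be checked before starting the broker. The following is an added example, not part of the original comment and not Pulsar's own validation: it assumes the rule exactly as the comment describes it, and the function names and sample input are hypothetical.

```python
import json

TLS_PLUGIN = "org.apache.pulsar.client.impl.auth.AuthenticationTls"

def parse_conf(text):
    """Parse key=value lines, skipping blank lines and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def check_tls_auth(conf, plugin_key, params_key):
    """Return problems found in one plugin/params pair."""
    problems = []
    if conf.get(plugin_key) != TLS_PLUGIN:
        problems.append(f"{plugin_key} is not {TLS_PLUGIN}")
    try:
        params = json.loads(conf.get(params_key, ""))
    except ValueError:
        params = None
    if not isinstance(params, dict):
        return problems + [f"{params_key} is missing or not a JSON object"]
    for field in ("tlsCertFile", "tlsKeyFile"):
        if not params.get(field):
            problems.append(f"{params_key} lacks {field}")
    return problems

def check_client(text):
    """Check client.conf for the TLS authentication settings from point 4."""
    return check_tls_auth(parse_conf(text), "authPlugin", "authParams")

def check_standalone(text):
    """Check standalone.conf; only applies when client certs are required."""
    conf = parse_conf(text)
    if conf.get("tlsRequireTrustedClientCertOnConnect", "false").lower() != "true":
        return []
    problems = check_tls_auth(conf, "brokerClientAuthenticationPlugin",
                              "brokerClientAuthenticationParameters")
    if conf.get("brokerClientTlsEnabled", "").lower() != "true":
        problems.append("brokerClientTlsEnabled is not true")
    if not conf.get("brokerClientTrustCertsFilePath"):
        problems.append("brokerClientTrustCertsFilePath is not set")
    return problems

# Constructed sample: client certs required, broker client settings missing.
SAMPLE = "tlsRequireTrustedClientCertOnConnect=true\nbrokerClientTlsEnabled=false\n"
print("\n".join(check_standalone(SAMPLE)))
```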