You are viewing a plain text version of this content. The canonical link for it is here.
Posted to jira@kafka.apache.org by "Agostino Sarubbo (Jira)" <ji...@apache.org> on 2020/01/09 11:39:00 UTC
[jira] [Comment Edited] (KAFKA-9354) SSL handshake failed without
ssl.endpoint.identification.algorithm= and with a valid certificate and
with security.inter.broker.protocol=SSL
[ https://issues.apache.org/jira/browse/KAFKA-9354?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17011728#comment-17011728 ]
Agostino Sarubbo edited comment on KAFKA-9354 at 1/9/20 11:38 AM:
------------------------------------------------------------------
I discovered the origin of the issue:
While I'm trying to check the SubjectAlternativeName via:
'keytool -list -v -keystore $FILE'
I'm able to see all specified SAN.
While, from one of the kafka machines I'm trying to do:
openssl s_client -servername other.kafka.server -connect other.kafka.server:9093 | openssl x509 -noout -text | grep DNS
I don't see anything.
In the meantime,
'keytool -printcert -sslserver other.kafka.server:9093'
shows the SAN
Any idea?
was (Author: ago):
I discovered the origin of the issue:
While I'm trying to check the SubjectAlternativeName via:
'keytool -list -v -keystore $FILE'
I'm able to see all specified SAN.
While, from one of the kafka machines I'm trying to do:
openssl s_client -servername other.kafka.server -connect other.kafka.server:9093 | openssl x509 -noout -text | grep DNS
I don't see anything.
Any idea?
> SSL handshake failed without ssl.endpoint.identification.algorithm= and with a valid certificate and with security.inter.broker.protocol=SSL
> --------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: KAFKA-9354
> URL: https://issues.apache.org/jira/browse/KAFKA-9354
> Project: Kafka
> Issue Type: Bug
> Components: core
> Affects Versions: 2.3.1
> Environment: Centos 7
> Reporter: Agostino Sarubbo
> Priority: Major
>
> I tried to make an SSL setup but the documentation looks to be incomplete (See also: KAFKA-9308 )
> I fixed the issue locally and now I'm able to see:
> SubjectAlternativeName [
> DNSName: my.dns.com
> ]
>
> However it still fails to connect because of "SSL handshake failed (org.apache.kafka.clients.NetworkClient)"
> It happens only after I set security.inter.broker.protocol=SSL
> Do I am missing something?
--
This message was sent by Atlassian Jira
(v8.3.4#803005)