Kafka failed authentication due to: SSL handshake failed


I have to add encryption and authentication with SSL in kafka.

This is what I have done:

- 1) Generate certificate for each broker kafka:
COMANDO: keytool -keystore server.keystore.jks -alias localhost -validity 365 -genkey

- 2) Create CA. The generated CA is a public-private key pair and certificate used to sign other certificates. A CA is responsible for signing certificates. 
COMANDO: openssl req -new -x509 -keyout ca-key -out ca-cert -days 365

- 3) Sign all brokers certificates with the generated CA
Export the certificate from the keystore: keytool -keystore server.keystore.jks -alias localhost -certreq -file cert-file
Sign it with the CA: openssl x509 -req -CA ca-cert -CAkey ca-key -in cert-file -out cert-signed -days {validity} -CAcreateserial -passin pass:{ca-password}

- 4) Import both the certificate of the CA and the signed certificate into the keystore:
keytool -keystore server.keystore.jks -alias CARoot -import -file ca-cert
keytool -keystore server.keystore.jks -alias localhost -import -file cert-signed

- 5) Import CA to client truststore and broker/server truststore:
keytool -keystore server.truststore.jks -alias CARoot -import -file ca-cert
keytool -keystore client.truststore.jks -alias CARoot -import -file ca-cert

- 6) Add these line in the configuration server.properties:
listeners=PLAINTEXT://localhost:9092, SSL://localhost:9192

The problem is that what I start kafka, I get this error:

[2019-02-26 19:03:59,783] INFO [KafkaServer id=0] started (kafka.server.KafkaServer)
[2019-02-26 19:04:00,011] ERROR [Controller id=0, targetBrokerId=0] Connection to node 0 (localhost/ failed authentication due to: SSL handshake failed (org.apache.kafka.clients.NetworkClient)
[2019-02-26 19:04:00,178] ERROR [Controller id=0, targetBrokerId=0] Connection to node 0 (localhost/ failed authentication due to: SSL handshake failed (org.apache.kafka.clients.NetworkClient)
[2019-02-26 19:04:00,319] ERROR [Controller id=0, targetBrokerId=0] Connection to node 0 (localhost/ failed authentication due to: SSL handshake failed (org.apache.kafka.clients.NetworkClient)


Best Answer

I used to your shared step to generate the certificates and configured in the Kafka and spring boot producer and consumer level, all are working fine.

I have also got the same error but I did the following configuration.

you can add the following line in server.properties


Higher version of Kafka doing the host verification so you can ignore by the adding the above line server.properties.

Related Topic