Consumer and Producer SSL Configuration

hasmine.roldan · 5 January 2023 09:56

Hi,

Good day!

I tried producing but encountered the error:

[rhel@kafkanode1 ~]$ /home/rhel/confluent-6.0.5/bin/kafka-console-producer --topic test_topic_1 --producer.config /home/rhel/confluent-6.0.5/etc/kafka/producer.properties --broker-list kafkanode1.localdomain:9092
[2023-01-05 11:53:23,586] WARN The configuration 'producer.ssl.truststore.password' was supplied but isn't a known config. (org.apache.kafka.clients.producer.ProducerConfig)
[2023-01-05 11:53:23,602] WARN The configuration 'producer.ssl.truststore.location' was supplied but isn't a known config. (org.apache.kafka.clients.producer.ProducerConfig)
[2023-01-05 11:53:23,602] WARN The configuration 'producer.ssl.keystore.location' was supplied but isn't a known config. (org.apache.kafka.clients.producer.ProducerConfig)
[2023-01-05 11:53:23,602] WARN The configuration 'producer.security.protocol' was supplied but isn't a known config. (org.apache.kafka.clients.producer.ProducerConfig)
[2023-01-05 11:53:23,602] WARN The configuration 'enable.ssl.certificate.verification' was supplied but isn't a known config. (org.apache.kafka.clients.producer.ProducerConfig)
[2023-01-05 11:53:23,602] WARN The configuration 'producer.ssl.keystore.password' was supplied but isn't a known config. (org.apache.kafka.clients.producer.ProducerConfig)
[2023-01-05 11:53:23,602] WARN The configuration 'producer.ssl.key.password' was supplied but isn't a known config. (org.apache.kafka.clients.producer.ProducerConfig)
[2023-01-05 11:53:23,602] WARN The configuration 'producer.ssl.endpoint.identification.algorithm' was supplied but isn't a known config. (org.apache.kafka.clients.producer.ProducerConfig)
>[2023-01-05 11:53:24,050] ERROR [Producer clientId=console-producer] Connection to node -1 (kafkanode1.localdomain/192.168.1.80:9092) failed authentication due to: SSL handshake failed (org.apache.kafka.clients.NetworkClient)
[2023-01-05 11:53:24,051] WARN [Producer clientId=console-producer] Bootstrap broker kafkanode1.localdomain:9092 (id: -1 rack: null) disconnected (org.apache.kafka.clients.NetworkClient)

First my producer.properties is configured like this:

producer.security.protocol=SSL
producer.ssl.truststore.location=/home/rhel/confluent-6.0.5/ssl/kafka-connect.jks
producer.ssl.truststore.password=admin123
producer.ssl.keystore.location=/home/rhel/confluent-6.0.5/ssl/kafka-connect.p12
producer.ssl.keystore.password=admin123
producer.ssl.key.password=admin123

Then I removed the producer prefix in my configuration and tried to produce again, and it worked.

security.protocol=SSL
ssl.truststore.location=/home/rhel/confluent-6.0.5/ssl/kafka-connect.jks
ssl.truststore.password=admin123
ssl.keystore.location=/home/rhel/confluent-6.0.5/ssl/kafka-connect.p12
ssl.keystore.password=admin123
ssl.key.password=admin123

Saw kafka documentation and consumer. and producer. is required in configuring the ssl. Are my configuration correct?

MRabast · 6 January 2023 16:32

ssl.truststore and keystores are create with java keytool.exe
Hope, you are familiar with it
and have created it with
keytool -genkeypair …
keytool -gencert …
keytool -importcert
keytool list kafka-connect.jks

Topic		Replies	Views
SSL handshake error for standalone server Clients	0	2879	15 March 2023
Accessing kafka python client Non-Java Clients	0	5441	3 December 2021
Unable to connect to kafka with truststore and keystore file Confluent Cloud	0	2725	7 March 2023
Kafka protobuf console consumer SSL connection and configuration Confluent Cloud	4	3747	26 October 2021
Kafka Consumer Error: confluent cloud Clients	0	2612	15 December 2022

Consumer and Producer SSL Configuration

Related topics