SSL handshake error

Hello,

I’m trying to run the Confluent Cloud examples for Java against a starter cloud account.

I'm getting the error below:

SLF4J: Class path contains multiple SLF4J bindings.
SLF4J: Found binding in [jar:file:/Users/gouthamrao/.m2/repository/org/slf4j/slf4j-log4j12/1.7.6/slf4j-log4j12-1.7.6.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: Found binding in [jar:file:/Users/gouthamrao/.m2/repository/org/slf4j/slf4j-reload4j/1.7.36/slf4j-reload4j-1.7.36.jar!/org/slf4j/impl/StaticLoggerBinder.class]
SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
SLF4J: Actual binding is of type [org.slf4j.impl.Log4jLoggerFactory]
[2023-01-07 06:34:34,239] INFO AdminClientConfig values:
bootstrap.servers = [pkc-6ojv2.us-west4.gcp.confluent.cloud:9092]
client.dns.lookup = use_all_dns_ips
client.id =
connections.max.idle.ms = 300000
default.api.timeout.ms = 60000
metadata.max.age.ms = 300000
metric.reporters =
metrics.num.samples = 2
metrics.recording.level = INFO
metrics.sample.window.ms = 30000
receive.buffer.bytes = 65536
reconnect.backoff.max.ms = 1000
reconnect.backoff.ms = 50
request.timeout.ms = 30000
retries = 2147483647
retry.backoff.ms = 100
sasl.client.callback.handler.class = null
sasl.jaas.config = [hidden]
sasl.kerberos.kinit.cmd = /usr/bin/kinit
sasl.kerberos.min.time.before.relogin = 60000
sasl.kerberos.service.name = null
sasl.kerberos.ticket.renew.jitter = 0.05
sasl.kerberos.ticket.renew.window.factor = 0.8
sasl.login.callback.handler.class = null
sasl.login.class = null
sasl.login.connect.timeout.ms = null
sasl.login.read.timeout.ms = null
sasl.login.refresh.buffer.seconds = 300
sasl.login.refresh.min.period.seconds = 60
sasl.login.refresh.window.factor = 0.8
sasl.login.refresh.window.jitter = 0.05
sasl.login.retry.backoff.max.ms = 10000
sasl.login.retry.backoff.ms = 100
sasl.mechanism = PLAIN
sasl.oauthbearer.clock.skew.seconds = 30
sasl.oauthbearer.expected.audience = null
sasl.oauthbearer.expected.issuer = null
sasl.oauthbearer.jwks.endpoint.refresh.ms = 3600000
sasl.oauthbearer.jwks.endpoint.retry.backoff.max.ms = 10000
sasl.oauthbearer.jwks.endpoint.retry.backoff.ms = 100
sasl.oauthbearer.jwks.endpoint.url = null
sasl.oauthbearer.scope.claim.name = scope
sasl.oauthbearer.sub.claim.name = sub
sasl.oauthbearer.token.endpoint.url = null
security.protocol = SASL_SSL
security.providers = null
send.buffer.bytes = 131072
socket.connection.setup.timeout.max.ms = 30000
socket.connection.setup.timeout.ms = 10000
ssl.cipher.suites = null
ssl.enabled.protocols = [TLSv1.2]
ssl.endpoint.identification.algorithm = https
ssl.engine.factory.class = null
ssl.key.password = null
ssl.keymanager.algorithm = SunX509
ssl.keystore.certificate.chain = null
ssl.keystore.key = null
ssl.keystore.location = null
ssl.keystore.password = null
ssl.keystore.type = JKS
ssl.protocol = TLSv1.2
ssl.provider = null
ssl.secure.random.implementation = null
ssl.trustmanager.algorithm = PKIX
ssl.truststore.certificates = null
ssl.truststore.location = null
ssl.truststore.password = null
ssl.truststore.type = JKS
(org.apache.kafka.clients.admin.AdminClientConfig)
[2023-01-07 06:34:34,379] DEBUG [AdminClient clientId=adminclient-1] Setting bootstrap cluster metadata Cluster(id = null, nodes = [pkc-6ojv2.us-west4.gcp.confluent.cloud:9092 (id: -1 rack: null)], partitions = , controller = null). (org.apache.kafka.clients.admin.internals.AdminMetadataManager)
[2023-01-07 06:34:34,973] INFO Successfully logged in. (org.apache.kafka.common.security.authenticator.AbstractLogin)
[2023-01-07 06:34:35,121] DEBUG Created SSL context with keystore null, truststore null, provider SunJSSE. (org.apache.kafka.common.security.ssl.DefaultSslEngineFactory)
[2023-01-07 06:34:35,244] WARN These configurations '[schema.registry.url, basic.auth.user.info, basic.auth.credentials.source, acks, session.timeout.ms]' were supplied but are not used yet. (org.apache.kafka.clients.admin.AdminClientConfig)
[2023-01-07 06:34:35,249] INFO Kafka version: 7.3.1-ccs (org.apache.kafka.common.utils.AppInfoParser)
[2023-01-07 06:34:35,249] INFO Kafka commitId: 8628b0341c3c4676 (org.apache.kafka.common.utils.AppInfoParser)
[2023-01-07 06:34:35,249] INFO Kafka startTimeMs: 1673073275244 (org.apache.kafka.common.utils.AppInfoParser)
[2023-01-07 06:34:35,251] DEBUG [AdminClient clientId=adminclient-1] Kafka admin client initialized (org.apache.kafka.clients.admin.KafkaAdminClient)
[2023-01-07 06:34:35,252] DEBUG [AdminClient clientId=adminclient-1] Thread starting (org.apache.kafka.clients.admin.KafkaAdminClient)
[2023-01-07 06:34:35,258] DEBUG Resolved host pkc-6ojv2.us-west4.gcp.confluent.cloud as 34.118.243.148 (org.apache.kafka.clients.ClientUtils)
[2023-01-07 06:34:35,258] DEBUG [AdminClient clientId=adminclient-1] Initiating connection to node pkc-6ojv2.us-west4.gcp.confluent.cloud:9092 (id: -1 rack: null) using address pkc-6ojv2.us-west4.gcp.confluent.cloud/34.118.243.148 (org.apache.kafka.clients.NetworkClient)
[2023-01-07 06:34:35,400] DEBUG [AdminClient clientId=adminclient-1] Queueing Call(callName=createTopics, deadlineMs=1673073335399, tries=0, nextAllowedTryMs=0) with a timeout 30000 ms from now. (org.apache.kafka.clients.admin.KafkaAdminClient)
[2023-01-07 06:34:35,572] DEBUG [AdminClient clientId=adminclient-1] Set SASL client state to SEND_APIVERSIONS_REQUEST (org.apache.kafka.common.security.authenticator.SaslClientAuthenticator)
[2023-01-07 06:34:35,576] DEBUG [AdminClient clientId=adminclient-1] Creating SaslClient: client=null;service=kafka;serviceHostname=pkc-6ojv2.us-west4.gcp.confluent.cloud;mechs=[PLAIN] (org.apache.kafka.common.security.authenticator.SaslClientAuthenticator)
[2023-01-07 06:34:35,662] DEBUG [AdminClient clientId=adminclient-1] Created socket with SO_RCVBUF = 66176, SO_SNDBUF = 132352, SO_TIMEOUT = 0 to node -1 (org.apache.kafka.common.network.Selector)
[2023-01-07 06:34:36,118] DEBUG [AdminClient clientId=adminclient-1] Completed connection to node -1. Fetching API versions. (org.apache.kafka.clients.NetworkClient)
[2023-01-07 06:34:36,174] DEBUG [SslTransportLayer channelId=-1 key=sun.nio.ch.SelectionKeyImpl@66986c77] SSL Handshake failed (org.apache.kafka.common.network.SslTransportLayer)
javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1431)
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535)
at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1214)
at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1186)
at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469)
at org.apache.kafka.common.network.SslTransportLayer.handshakeWrap(SslTransportLayer.java:485)
at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:346)
at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293)
at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178)
at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543)
at org.apache.kafka.common.network.Selector.poll(Selector.java:481)
at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560)
at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1415)
at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1346)
at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1728)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:304)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:919)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:916)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369)
at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435)
at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523)
at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373)
… 8 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
… 17 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
… 23 more
[2023-01-07 06:34:36,177] DEBUG [SslTransportLayer channelId=-1 key=sun.nio.ch.SelectionKeyImpl@66986c77] SSLEngine.closeInBound() raised an exception. (org.apache.kafka.common.network.SslTransportLayer)
javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1666)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1634)
at sun.security.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl.java:1561)
at org.apache.kafka.common.network.SslTransportLayer.handshakeFailure(SslTransportLayer.java:885)
at org.apache.kafka.common.network.SslTransportLayer.maybeProcessHandshakeFailure(SslTransportLayer.java:920)
at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:297)
at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178)
at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543)
at org.apache.kafka.common.network.Selector.poll(Selector.java:481)
at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560)
at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1415)
at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1346)
at java.lang.Thread.run(Thread.java:745)
[2023-01-07 06:34:36,178] INFO [AdminClient clientId=adminclient-1] Failed authentication with pkc-6ojv2.us-west4.gcp.confluent.cloud/34.118.243.148 (channelId=-1) (SSL handshake failed) (org.apache.kafka.common.network.Selector)
[2023-01-07 06:34:36,180] INFO [AdminClient clientId=adminclient-1] Node -1 disconnected. (org.apache.kafka.clients.NetworkClient)
[2023-01-07 06:34:36,185] ERROR [AdminClient clientId=adminclient-1] Connection to node -1 (pkc-6ojv2.us-west4.gcp.confluent.cloud/34.118.243.148:9092) failed authentication due to: SSL handshake failed (org.apache.kafka.clients.NetworkClient)
[2023-01-07 06:34:36,186] WARN [AdminClient clientId=adminclient-1] Metadata update failed due to authentication error (org.apache.kafka.clients.admin.internals.AdminMetadataManager)
org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1431)
at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535)
at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1214)
at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1186)
at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469)
at org.apache.kafka.common.network.SslTransportLayer.handshakeWrap(SslTransportLayer.java:485)
at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:346)
at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293)
at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178)
at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543)
at org.apache.kafka.common.network.Selector.poll(Selector.java:481)
at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:560)
at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1415)
at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1346)
at java.lang.Thread.run(Thread.java:745)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1728)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:304)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1509)
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:979)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:919)
at sun.security.ssl.Handshaker$1.run(Handshaker.java:916)
at java.security.AccessController.doPrivileged(Native Method)
at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1369)
at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435)
at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523)
at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373)
… 8 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)
at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)
at sun.security.validator.Validator.validate(Validator.java:260)
at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281)
at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1496)
… 17 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:382)
… 23 more
[2023-01-07 06:34:36,187] DEBUG [AdminClient clientId=adminclient-1] Requesting metadata update. (org.apache.kafka.clients.admin.internals.AdminMetadataManager)
[2023-01-07 06:34:36,187] DEBUG [AdminClient clientId=adminclient-1] Metadata is not usable: failed to get metadata. (org.apache.kafka.clients.admin.internals.AdminMetadataManager)

Here is my producer config:

```
# Required connection configs for Kafka producer, consumer, and admin
bootstrap.servers=pkc-6ojv2.us-west4.gcp.confluent.cloud:9092
security.protocol=SASL_SSL
sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username='{{ CLUSTER_API_KEY }}' password='{{ CLUSTER_API_SECRET }}';
sasl.mechanism=PLAIN

# Required for correctness in Apache Kafka clients prior to 2.6
client.dns.lookup=use_all_dns_ips

# Best practice for higher availability in Apache Kafka clients prior to 3.0
session.timeout.ms=45000

# Best practice for Kafka producer to prevent data loss
acks=all

# Required connection configs for Confluent Cloud Schema Registry
schema.registry.url=https://psrc-95km5.eu-central-1.aws.confluent.cloud
basic.auth.credentials.source=USER_INFO
basic.auth.user.info={{ SR_API_KEY }}:{{ SR_API_SECRET }}
```

Where do I find information on building my keystore and truststore?
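
The log in the post reports `Created SSL context with keystore null, truststore null` and then `PKIX path building failed`, which means the broker certificate was validated against the JVM's default trust store and no anchor in it chained to the server. As an added example that is not part of the original post, this Java 8-compatible program (the class name `ListDefaultTrustAnchors` is hypothetical) lists the trust anchors the running JVM accepts, so they can be compared with the issuer of the broker's certificate chain.

```java
import java.security.KeyStore;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.Locale;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

// Added example (hypothetical class name): lists the trust anchors a JVM uses
// when no ssl.truststore.location is configured, as in the log above.
public class ListDefaultTrustAnchors {
    public static void main(String[] args) throws Exception {
        // Optional case-insensitive filter on the subject DN, e.g. a CA name.
        String filter = args.length > 0 ? args[0].toLowerCase(Locale.ROOT) : "";

        // Which JVM and which trust store override (if any) are in effect.
        System.out.println("java.version = " + System.getProperty("java.version"));
        System.out.println("java.home = " + System.getProperty("java.home"));
        System.out.println("javax.net.ssl.trustStore = "
                + System.getProperty("javax.net.ssl.trustStore"));

        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the JVM default trust store

        int total = 0, shown = 0, invalid = 0;
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (!(tm instanceof X509TrustManager)) continue;
            for (X509Certificate ca : ((X509TrustManager) tm).getAcceptedIssuers()) {
                total++;
                String status = "valid";
                try {
                    ca.checkValidity(); // checks against the current system time
                } catch (CertificateExpiredException e) {
                    status = "EXPIRED"; invalid++;
                } catch (CertificateNotYetValidException e) {
                    status = "NOT YET VALID"; invalid++;
                }
                String subject = ca.getSubjectX500Principal().getName();
                if (subject.toLowerCase(Locale.ROOT).contains(filter)) {
                    shown++;
                    System.out.printf("%-13s notAfter=%s  %s%n", status, ca.getNotAfter(), subject);
                }
            }
        }
        System.out.printf("%d trust anchors, %d listed, %d outside validity%n",
                total, shown, invalid);
    }
}
```

Run it with the same JDK that launches the Kafka client, since each JDK installation ships its own default trust store.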