dsambandam edited a comment on issue #2533: can't generate ca key using the 
open ssl cnf file suggested for TLS Auth
URL: https://github.com/apache/incubator-pulsar/issues/2533#issuecomment-420873917
 
 
   Updated the broker.conf and client.conf files with the configuration below,
but not able to get pulsar-admin/client working. Fails with exception
DecoderException : javax.net.ssl.SSLHandshakeException: error:10000438:SSL routines:OPENSSL_internal:TLSV1_ALERT_INTERNAL_ERROR
   
   @sijie Any suggestions to resolve this issue? 
   
   **# Broker Configuration to enable authentication**
   authenticationEnabled=true
   
   authenticationProviders=org.apache.pulsar.broker.authentication.AuthenticationProviderTls
   
   tlsEnabled=true
   tlsCertificateFilePath=/Path/my-ca/broker.cert.pem
   tlsKeyFilePath=/Path/my-ca/broker.key-pk8.pem
   tlsTrustCertsFilePath=/Path/my-ca/certs/ca.cert.pem
   
   
   
   
   **# Pulsar Client and pulsar-admin configuration**
   
   webServiceUrl=https://broker1:8443/
   brokerServiceUrl=pulsar+ssl://broker1:6651/
   useTls=true
   tlsTrustCertsFilePath=/Path/my-ca/certs/ca.cert.pem
   #tlsEnableHostnameVerification=true
   authPlugin=org.apache.pulsar.client.impl.auth.AuthenticationTls
   
   authParams=tlsCertFile:/Path/my-ca/broker.cert.pem,tlsKeyFile:/Path/my-ca/broker.key-pk8.pem
   
   
   
   **Pulsar client consume command Logs:**
   
   2018-09-12 20:35:41,152 pulsar-client-io-1-1 DEBUG AsyncLogger.ThreadNameStrategy=UNCACHED (user specified null, default is UNCACHED)
   20:35:41.317 [pulsar-client-io-1-1] WARN  org.apache.pulsar.client.impl.ClientCnx - Error during handshake
   javax.net.ssl.SSLException: SSLEngine closed already
           at io.netty.handler.ssl.SslHandler.wrap(...)(Unknown Source) ~[io.netty-netty-all-4.1.22.Final.jar:4.1.22.Final]
   20:35:41.331 [pulsar-client-io-1-1] WARN  org.apache.pulsar.client.impl.ClientCnx - [broker1/IP:6651] Got exception DecoderException : javax.net.ssl.SSLHandshakeException: error:10000438:SSL routines:OPENSSL_internal:TLSV1_ALERT_INTERNAL_ERROR
   io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: error:10000438:SSL routines:OPENSSL_internal:TLSV1_ALERT_INTERNAL_ERROR
           at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:459) ~[io.netty-netty-all-4.1.22.Final.jar:4.1.22.Final]
           at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:265) ~[io.netty-netty-all-4.1.22.Final.jar:4.1.22.Final]
           at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [io.netty-netty-all-4.1.22.Final.jar:4.1.22.Final]
           at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [io.netty-netty-all-4.1.22.Final.jar:4.1.22.Final]
           at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:340) [io.netty-netty-all-4.1.22.Final.jar:4.1.22.Final]
           at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1414) [io.netty-netty-all-4.1.22.Final.jar:4.1.22.Final]
           at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:362) [io.netty-netty-all-4.1.22.Final.jar:4.1.22.Final]
           at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:348) [io.netty-netty-all-4.1.22.Final.jar:4.1.22.Final]
           at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:945) [io.netty-netty-all-4.1.22.Final.jar:4.1.22.Final]
           at io.netty.channel.epoll.AbstractEpollStreamChannel$EpollStreamUnsafe.epollInReady(AbstractEpollStreamChannel.java:806) [io.netty-netty-all-4.1.22.Final.jar:4.1.22.Final]
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


With regards,
Apache Git Services
