Hello. I am trying to implement Quorum TLS by following the instructions in https://zookeeper.apache.org/doc/r3.5.7/zookeeperAdmin.html#Quorum+TLS, but I keep on encountering the following errors after doing the second rolling restart, where sslQuorum is set to true.
- [2023-10-11 05:46:03,250] WARN Cannot open channel to 3 at election address /xxx.xx.xx.xxx:xxxx (org.apache.zookeeper.server.quorum.QuorumCnxManager)
  javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
- [2023-10-11 05:47:12,513] WARN Closing connection to /xxx.xx.xx.xxx:xxxx (org.apache.zookeeper.server.NettyServerCnxn)
  java.io.IOException: ZK down

Our current cluster setup consists of 3 Linux servers (Amazon EC2 instances), which contain one Zookeeper and Broker for each server.

I have tried using the Private IP DNS name and the Public IPv4 DNS as the alias and distinguished name when generating the self-signed certificate for each of the servers. For the generation of the CA key and CA certificate, I used the Private IP DNS name and Public IPv4 DNS of one of the servers as the common name respectively. Do note I am generating all keystores/truststore on just one server (this server's IP is indicated in the CA key and CA cert) and distributing them accordingly.

I made sure that all ZKs are up and running when I am getting the ZK down issue, and I am getting that error for all three ZKs. I can also confirm that the file path indicated in zookeeper.properties, where the keystore and truststore are located, is correct.

Can someone assist regarding this? What am I missing here? Let me know if you need more information. I am also unsure if there is something like a community page for Kafka where I can reach out to the community, where hopefully someone with a similar setup can help.

Thanks,
Chester