Thanks a lot Ismael :)

Was able to get past it.


Now trying to figure out from broker logs :


INFO [KafkaApis] [kafka-request-handler-0] [kafka-server] [] [KafkaApi-0]
Auto creation of topic testToic_1 with 8 partitions and replication factor
1 is successful!
[KafkaApis] [kafka-request-handler-0] [kafka-server] [] [KafkaApi-0] Error
when handling request Name: TopicMetadataRequest; Version: 0;
CorrelationId: 0; ClientId: producer-1; Topics: testToic_1
kafka.common.BrokerEndPointNotAvailableException: End point SSL not found
for broker 0





Thanks,

Mayuresh

On Thu, May 12, 2016 at 2:40 PM, Ismael Juma <ism...@juma.me.uk> wrote:

> Hi Mayuresh,
>
> You need to enable client authentication by setting `ssl.client.auth` to
> `required` or `requested` (I suggest the former).
>
> Ismael
>
> On Thu, May 12, 2016 at 10:35 PM, Mayuresh Gharat <
> gharatmayures...@gmail.com> wrote:
>
> > Hi, I am trying to establish an SSL connection from kafkaProducer and send
> > certificate to the Kafka Broker.
> >
> >
> > I deploy my kafka broker locally running 2 ports :
> > *listeners = PLAINTEXT://:9092,SSL://:16637 *
> >
> > *My KafkaBroker SSL configs look like this :*
> >
> > ssl.protocol = TLS
> > ssl.trustmanager.algorithm = SunX509
> > ssl.keymanager.algorithm = SunX509
> > ssl.keystore.type = VALUE1
> > ssl.keystore.location = /a/b/c
> > ssl.keystore.password = xyz
> > ssl.key.password = xyz
> > ssl.truststore.type = JKS
> > ssl.truststore.location = /u/v/w
> > ssl.truststore.password = 123
> >
> > I run my producer locally on the same linux box as my KafkaBroker.
> > My produce command looks like this :
> >
> > *bin/kafka-producer-perf-test.sh  --num-records 10 --topic testToic_1
> > --record-size 10 --throughput 1 --producer-props *
> > bootstrap.servers = localhost://:16637
> > security.protocol = SSL
> > ssl.protocol = TLS
> > ssl.trustmanager.algorithm = SunX509
> > ssl.keymanager.algorithm = SunX509
> > ssl.keystore.type = VALUE1
> > ssl.keystore.location = /a/b/c
> > ssl.keystore.password = xyz
> > ssl.key.password = xyz
> > ssl.truststore.type = JKS
> > ssl.truststore.location = /u/v/w
> > ssl.truststore.password = 123
> >
> >
> > On kafka broker, when I do inside buildPrincipal() API of PrincipalBuilder
> >
> > SSLSession session = ((SslTransportLayer)transportLayer).sslSession();
> > session.getPeerCertificates()
> >
> > I get:
> > *org.apache.kafka.common.KafkaException:
> > javax.net.ssl.SSLPeerUnverifiedException: peer not authenticated*
> >
> >
> > I ran this command as listed here
> > http://kafka.apache.org/documentation.html#security_ssl :
> >
> > *openssl s_client -debug -connect localhost:16637 -tls1*
> >
> > and was able to see the certificate.
> >
> > I am not able to understand the peer not authenticated exception here.
> > Am I missing any SSL config on producer request?
> >
> >
> >
> > --
> > -Regards,
> > Mayuresh R. Gharat
> > (862) 250-7125
> >
>



-- 
-Regards,
Mayuresh R. Gharat
(862) 250-7125
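
Added example (not part of the original thread, and not Kafka project code): a small Python check of a broker properties file for the `ssl.client.auth` setting Ismael points to. The function names and the two sample configs are constructed for illustration; the check relies on `ssl.client.auth` defaulting to `none` when it is not set.

```python
VALID_CLIENT_AUTH = {"required", "requested", "none"}

def parse_properties(text):
    """Parse simple Java-style key=value properties (no line continuations)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def listener_protocols(props):
    """Return the security protocols named in `listeners`, e.g. {'PLAINTEXT', 'SSL'}."""
    return {e.split("://", 1)[0].strip().upper()
            for e in props.get("listeners", "").split(",") if "://" in e}

def check_client_auth(text):
    """Return findings about whether the broker will see a client certificate."""
    props = parse_properties(text)
    protocols = listener_protocols(props)
    if "SSL" not in protocols:
        return ["no SSL listener: clients cannot present a certificate"]
    findings = []
    mode = props.get("ssl.client.auth", "none").lower()  # unset means none
    if mode not in VALID_CLIENT_AUTH:
        findings.append(f"ssl.client.auth={mode!r} is not a valid value")
    elif mode == "none":
        findings.append("ssl.client.auth=none: broker never requests a client "
                        "certificate, so getPeerCertificates() fails")
    elif mode == "requested":
        findings.append("ssl.client.auth=requested: clients without a "
                        "certificate still connect unauthenticated")
    if "PLAINTEXT" in protocols:
        findings.append("PLAINTEXT listener is also open: clients on it "
                        "are not certificate-authenticated")
    return findings

# Constructed configs modelled on the thread: as posted, and with the fix applied.
AS_POSTED = "listeners = PLAINTEXT://:9092,SSL://:16637\nssl.truststore.type = JKS\n"
FIXED = AS_POSTED + "ssl.client.auth = required\n"

if __name__ == "__main__":
    for name, cfg in (("as posted", AS_POSTED), ("fixed", FIXED)):
        print(name, check_client_auth(cfg))
```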
