[ https://issues.apache.org/jira/browse/KAFKA-12228?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17270755#comment-17270755 ]
Alexey Kashavkin commented on KAFKA-12228:
------------------------------------------

I switched to different Oracle JDK versions, but no effect. I also tried to set certificate with options:
{code:java}
ssl.keystore.type=PEM
ssl.keystore.location=/opt/kafka/certs/certificate.pem
ssl.key.password=null
{code}
And I got a new error:
{code:bash}
[2021-01-23 20:33:21,552] ERROR [KafkaServer id=0] Fatal error during KafkaServer startup. Prepare to shutdown (kafka.server.KafkaServer)
org.apache.kafka.common.errors.InvalidConfigurationException: Failed to load PEM SSL keystore /opt/kafka/certs/certificate.pem
Caused by: org.apache.kafka.common.errors.InvalidConfigurationException: Invalid PEM keystore configs
Caused by: java.io.IOException: overrun, bytes = 111
	at javax.crypto.EncryptedPrivateKeyInfo.<init>(EncryptedPrivateKeyInfo.java:92)
	at org.apache.kafka.common.security.ssl.DefaultSslEngineFactory$PemStore.privateKey(DefaultSslEngineFactory.java:512)
	at org.apache.kafka.common.security.ssl.DefaultSslEngineFactory$PemStore.createKeyStoreFromPem(DefaultSslEngineFactory.java:462)
	at org.apache.kafka.common.security.ssl.DefaultSslEngineFactory$PemStore.<init>(DefaultSslEngineFactory.java:435)
	at org.apache.kafka.common.security.ssl.DefaultSslEngineFactory$FileBasedPemStore.load(DefaultSslEngineFactory.java:412)
	at org.apache.kafka.common.security.ssl.DefaultSslEngineFactory$FileBasedStore.<init>(DefaultSslEngineFactory.java:349)
	at org.apache.kafka.common.security.ssl.DefaultSslEngineFactory$FileBasedPemStore.<init>(DefaultSslEngineFactory.java:405)
	at org.apache.kafka.common.security.ssl.DefaultSslEngineFactory.createKeystore(DefaultSslEngineFactory.java:293)
	at org.apache.kafka.common.security.ssl.DefaultSslEngineFactory.configure(DefaultSslEngineFactory.java:161)
	at org.apache.kafka.common.security.ssl.SslFactory.instantiateSslEngineFactory(SslFactory.java:136)
	at org.apache.kafka.common.security.ssl.SslFactory.configure(SslFactory.java:93)
	at org.apache.kafka.common.network.SslChannelBuilder.configure(SslChannelBuilder.java:72)
	at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:157)
	at org.apache.kafka.common.network.ChannelBuilders.serverChannelBuilder(ChannelBuilders.java:97)
	at kafka.network.Processor.<init>(SocketServer.scala:790)
	at kafka.network.SocketServer.newProcessor(SocketServer.scala:415)
	at kafka.network.SocketServer.$anonfun$addDataPlaneProcessors$1(SocketServer.scala:288)
	at kafka.network.SocketServer.addDataPlaneProcessors(SocketServer.scala:287)
	at kafka.network.SocketServer.$anonfun$createDataPlaneAcceptorsAndProcessors$1(SocketServer.scala:254)
	at kafka.network.SocketServer.$anonfun$createDataPlaneAcceptorsAndProcessors$1$adapted(SocketServer.scala:251)
	at scala.collection.IterableOnceOps.foreach(IterableOnce.scala:553)
	at scala.collection.IterableOnceOps.foreach$(IterableOnce.scala:551)
	at scala.collection.AbstractIterable.foreach(Iterable.scala:920)
	at kafka.network.SocketServer.createDataPlaneAcceptorsAndProcessors(SocketServer.scala:251)
	at kafka.network.SocketServer.startup(SocketServer.scala:125)
	at kafka.server.KafkaServer.startup(KafkaServer.scala:303)
	at kafka.server.KafkaServerStartable.startup(KafkaServerStartable.scala:44)
	at kafka.Kafka$.main(Kafka.scala:82)
	at kafka.Kafka.main(Kafka.scala)
[2021-01-23 20:33:21,557] INFO [KafkaServer id=0] shutting down (kafka.server.KafkaServer)
{code}

> Invalid value javax.net.ssl.SSLHandshakeException: no cipher suites in common for configuration
> -----------------------------------------------------------------------------------------------
>
>                 Key: KAFKA-12228
>                 URL: https://issues.apache.org/jira/browse/KAFKA-12228
>             Project: Kafka
>          Issue Type: Bug
>          Components: clients
>    Affects Versions: 2.7.0
>            Reporter: Alexey Kashavkin
>            Priority: Major
>         Attachments: kafka.log
>
>
> I found that Kafka 2.7.0 supports PEM certificates and I decided to try setting up the broker with DigiCert SSL certificate. I used new options and I did everything like in example in [KIP-651|https://cwiki.apache.org/confluence/display/KAFKA/KIP-651+-+Support+PEM+format+for+SSL+certificates+and+private+key].
> But I get the error:
> {code:bash}
> [2021-01-20 17:54:55,787] ERROR [KafkaServer id=0] Fatal error during KafkaServer startup. Prepare to shutdown (kafka.server.KafkaServer)
> org.apache.kafka.common.config.ConfigException: Invalid value javax.net.ssl.SSLHandshakeException: no cipher suites in common for configuration A client SSLEngine created with the provided settings can't connect to a server SSLEngine created with those settings.
> 	at org.apache.kafka.common.security.ssl.SslFactory.configure(SslFactory.java:98)
> 	at org.apache.kafka.common.network.SslChannelBuilder.configure(SslChannelBuilder.java:72)
> 	at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:157)
> 	at org.apache.kafka.common.network.ChannelBuilders.serverChannelBuilder(ChannelBuilders.java:97)
> 	at kafka.network.Processor.<init>(SocketServer.scala:790)
> 	at kafka.network.SocketServer.newProcessor(SocketServer.scala:415)
> 	at kafka.network.SocketServer.$anonfun$addDataPlaneProcessors$1(SocketServer.scala:288)
> 	at kafka.network.SocketServer.addDataPlaneProcessors(SocketServer.scala:287)
> 	at kafka.network.SocketServer.$anonfun$createDataPlaneAcceptorsAndProcessors$1(SocketServer.scala:254)
> 	at kafka.network.SocketServer.$anonfun$createDataPlaneAcceptorsAndProcessors$1$adapted(SocketServer.scala:251)
> 	at scala.collection.IterableOnceOps.foreach(IterableOnce.scala:553)
> 	at scala.collection.IterableOnceOps.foreach$(IterableOnce.scala:551)
> 	at scala.collection.AbstractIterable.foreach(Iterable.scala:920)
> 	at kafka.network.SocketServer.createDataPlaneAcceptorsAndProcessors(SocketServer.scala:251)
> 	at kafka.network.SocketServer.startup(SocketServer.scala:125)
> 	at kafka.server.KafkaServer.startup(KafkaServer.scala:303)
> 	at kafka.server.KafkaServerStartable.startup(KafkaServerStartable.scala:44)
> 	at kafka.Kafka$.main(Kafka.scala:82)
> 	at kafka.Kafka.main(Kafka.scala)
> {code}
> Java is used:
> {code:bash}
> openjdk version "1.8.0_272"
> OpenJDK Runtime Environment (build 1.8.0_272-b10)
> OpenJDK 64-Bit Server VM (build 25.272-b10, mixed mode)
> {code}
> OS is Centos 7.8.2003
> _openssl x509 -in certificate.pem -text :_
> {code:java}
> Certificate:
> ...
>         Signature Algorithm: ecdsa-with-SHA384
> ...
>         Subject Public Key Info:
>             Public Key Algorithm: id-ecPublicKey
>                 Public-Key: (256 bit)
> {code}
> Log is attached.

--
This message was sent by Atlassian Jira
(v8.3.4#803005)
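
Added example, not part of the Jira message or of Kafka's code: a check of which private-key encoding a PEM keystore file holds, compared with whether ssl.key.password is set. It assumes, from the EncryptedPrivateKeyInfo frame in the stack trace above and KIP-651's requirement for PKCS#8 keys, that a set password makes the loader parse the key as encrypted PKCS#8; der_kind, check_keystore, make_pem and the stub PEM blocks are constructed for illustration.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)

def der_kind(der: bytes) -> str:
    """Classify a private-key DER blob by its first ASN.1 fields."""
    if len(der) < 3 or der[0] != 0x30:                   # outer SEQUENCE expected
        return "not-der"
    skip = 2 if der[1] < 0x80 else 2 + (der[1] & 0x7F)   # short or long length form
    body = der[skip:skip + 4]
    if body[:1] == b"\x30":                 # AlgorithmIdentifier comes first
        return "pkcs8-encrypted"            # EncryptedPrivateKeyInfo
    if body == b"\x02\x01\x00\x30":         # version 0, then AlgorithmIdentifier
        return "pkcs8-plain"                # PrivateKeyInfo
    if body == b"\x02\x01\x01\x04":         # version 1, then OCTET STRING
        return "sec1-ec"                    # SEC1 "EC PRIVATE KEY"
    return "other"

def check_keystore(pem_text: str, key_password):
    """Return (label, kind, finding) for each private key block that looks wrong."""
    findings = []
    for label, body in PEM_RE.findall(pem_text):
        if not label.endswith("PRIVATE KEY"):
            continue
        # Drop RFC 1421 headers such as "Proc-Type: 4,ENCRYPTED" before decoding.
        b64 = "".join(l.strip() for l in body.splitlines() if ":" not in l)
        kind = der_kind(base64.b64decode(b64))
        if kind == "pkcs8-plain" and key_password is not None:
            findings.append((label, kind, "unencrypted key but ssl.key.password is set"))
        elif kind == "pkcs8-encrypted" and key_password is None:
            findings.append((label, kind, "encrypted key needs ssl.key.password"))
        elif kind not in ("pkcs8-plain", "pkcs8-encrypted"):
            findings.append((label, kind, "not PKCS#8; convert with openssl pkcs8 -topk8"))
    return findings

def make_pem(label: str, der: bytes) -> str:
    """Wrap stub bytes in a PEM block (constructed input, no real key material)."""
    b64 = base64.encodebytes(der).decode()
    return f"-----BEGIN {label}-----\n{b64}-----END {label}-----\n"

# Constructed stubs: only the leading ASN.1 fields are meaningful.
PLAIN = make_pem("PRIVATE KEY", bytes.fromhex("3006020100300100"))
SEC1 = make_pem("EC PRIVATE KEY", bytes.fromhex("30060201010401aa"))

# A properties file has no null literal: "null" is a four-character password.
print(check_keystore(PLAIN, "null"))
print(check_keystore(SEC1, None))
```
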