Re: Using SSL with KafkaConsumer w/o client certificates

2016-04-21 Thread marko
Ah, that makes sense. After adding the truststore to the server configs things seem to work correctly, thanks! marko > Have you configured a truststore in server.properties? You don't need this > when using security.inter.broker.protocol=PLAINTEXT and client-auth is > disabled, but you do need to

Re: Using SSL with KafkaConsumer w/o client certificates

2016-04-21 Thread Rajini Sivaram
Have you configured a truststore in server.properties? You don't need this when using security.inter.broker.protocol=PLAINTEXT and client-auth is disabled, but you do need to set truststore for the client-mode connections made by the broker when security.inter.broker.protocol=SSL. If that still doe

Re: Using SSL with KafkaConsumer w/o client certificates

2016-04-20 Thread marko
After making the suggested change, I see this error during startup [2016-04-20 18:03:10,522] INFO [Kafka Server 0], started (kafka.server.KafkaServer) [2016-04-20 18:03:11,093] WARN Failed to send SSL Close message (org.apache.kafka.common.network.SslTransportLayer) java.io.IOException: Broken pi

Re: Using SSL with KafkaConsumer w/o client certificates

2016-04-20 Thread Rajini Sivaram
If your only listener is SSL, you should set security.inter.broker.protocol to SSL even for single-broker cluster since it is used by the controller. I would have expected an error in the logs though if this was not configured correctly. On Wed, Apr 20, 2016 at 1:34 AM, wrote: > There is only on

Re: Using SSL with KafkaConsumer w/o client certificates

2016-04-19 Thread marko
There is only one broker in this case. There are no errors (besides the warning below) on either the broker or the client side. It just returns an empty topic list if plaintext is not configured, even though client is using SSL in both cases. marko > Hi, > > That warning is harmless. Personally,

Re: Using SSL with KafkaConsumer w/o client certificates

2016-04-19 Thread Ismael Juma
Hi, That warning is harmless. Personally, I think it may be a good idea to remove as it confuses people in cases such as this. Do you have multiple brokers? Are the brokers configured to use SSL for inter-broker communication (security.inter.broker.protocol)? This is required if the only listener

Using SSL with KafkaConsumer w/o client certificates

2016-04-19 Thread marko
What is the correct way of using SSL between the client and brokers if client certificates are not used? The broker (0.9.0.0) reports the following in the log WARN SSL peer is not authenticated, returning ANONYMOUS instead as a result of this (I belive) KafkaConsumer.listTopics() returns an empty