And, server.properties

######
broker.id=11
port=9092
host.name=n1
advertised.host.name=192.168.0.11
allow.everyone.if.no.acl.found=true
super.users=User:CN=n1.test.com,OU=TEST,O=TEST,L=TEST,ST=TEST,C=TEST
listeners=SSL://n1.test.com:9092
advertised.listeners=SSL://n1.test.com:9092
ssl.client.auth=required
ssl.enabled.protocols=TLSv1.2,TLSv1.1,TLSv1
ssl.keystore.type=JKS
ssl.truststore.type=JKS
security.inter.broker.protocol=SSL
ssl.keystore.location=/home/kafka/kafka.server.keystore.jks
ssl.keystore.password=Test2017
ssl.key.password=Test2017
ssl.truststore.location=/home/kafka/kafka.server.truststore.jks
ssl.truststore.password=Test2017
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
principal.builder.class=org.apache.kafka.common.security.auth.DefaultPrincipalBuilder
num.replica.fetchers=4
replica.fetch.max.bytes=1048576
replica.fetch.wait.max.ms=500
replica.high.watermark.checkpoint.interval.ms=5000
replica.socket.timeout.ms=30000
replica.socket.receive.buffer.bytes=65536
replica.lag.time.max.ms=10000
controller.socket.timeout.ms=30000
controller.message.queue.size=10
default.replication.factor=3
log.dirs=/usr/log/kafka
kafka.logs.dir=/usr/log/kafka
num.partitions=20
message.max.bytes=1000000
auto.create.topics.enable=true
log.index.interval.bytes=4096
log.index.size.max.bytes=10485760
log.retention.hours=720
log.flush.interval.ms=10000
log.flush.interval.messages=20000
log.flush.scheduler.interval.ms=2000
log.roll.hours=168
log.retention.check.interval.ms=300000
log.segment.bytes=1073741824
delete.topic.enable=true
socket.request.max.bytes=104857600
socket.receive.buffer.bytes=1048576
socket.send.buffer.bytes=1048576
num.io.threads=8
num.network.threads=8
queued.max.requests=16
fetch.purgatory.purge.interval.requests=100
producer.purgatory.purge.interval.requests=100
zookeeper.connect=n1:2181,n2:2181,n3:2181
zookeeper.connection.timeout.ms=2000
zookeeper.sync.time.ms=2000
######

producer.properties

######
bootstrap.servers=n1.test.com:9092
security.protocol=SSL
ssl.truststore.location=/home/kafka/kafka.client.truststore.jks
ssl.truststore.password=testkafka
ssl.keystore.location=/home/kafka/kafka.client.keystore.jks
ssl.keystore.password=testkafka
ssl.key.password=testkafka
#####

On Thu, Aug 10, 2017 at 4:17 AM, Ascot Moss <ascot.m...@gmail.com> wrote:

> Dear Manna,
>
> > What's the status of your SSL? Have you verified that the setup is working?
> Yes, I used "
>
> openssl s_client -debug -connect n1.test.com:9092 -tls1
> Output:
>
> CONNECTED(00000003)
>
> write to 0x853e70 [0x89fd43] (155 bytes => 155 (0x9B))
>
> 0000 - 16 03 01 00 96 01 00 00-92 03 01 59 8b 6d 0d b1 ...........Y.m..
> ...
>
> Server certificate
>
> -----BEGIN CERTIFICATE-----
>
> CwwCSEsxGT............
>
> -----END CERTIFICATE-----
>
> ---
>
> SSL handshake has read 2470 bytes and written 161 bytes
>
> ---
>
> New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
>
> PSK identity hint: None
>
> Start Time: 1502309645
>
> Timeout : 7200 (sec)
>
> Verify return code: 19 (self signed certificate in certificate chain)
>
> ---
>
> Regards
>
> On Wed, Aug 9, 2017 at 10:29 PM, M. Manna <manme...@gmail.com> wrote:
>
>> Hi,
>>
>> What's the status of your SSL? Have you verified that the setup is working?
>>
>> You can enable rough logins using log4j.properties file supplied with kafka and set the root logging level to DEBUG. This prints out more info to trace things. Also, you can enable security logging by adding -Djavax.security.debug=all
>>
>> Please share your producer/broker configs with us.
>>
>> Kindest Regards,
>> M. Manna
>>
>> On 9 August 2017 at 14:38, Ascot Moss <ascot.m...@gmail.com> wrote:
>>
>> > Hi,
>> >
>> >
>> > I have setup Kafka 0.10.2.1 with SSL.
>> >
>> >
>> > Check Status:
>> >
>> > openssl s_client -debug -connect n1:9093 -tls1
>> >
>> > New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-SHA
>> >
>> > ...
>> > SSL-Session:
>> >
>> > Protocol : TLSv1
>> >
>> > PSK identity hint: None
>> >
>> > Start Time: 1502285690
>> >
>> > Timeout : 7200 (sec)
>> >
>> > Verify return code: 19 (self signed certificate in certificate chain)
>> >
>> >
>> > Create Topic:
>> >
>> > kafka-topics.sh --create --zookeeper n1:2181,n2:2181,n3:2181 --replication-factor 3 --partitions 3 --topic test02
>> >
>> > ERROR [ReplicaFetcherThread-2-111], Error for partition [test02,2] to broker 1:org.apache.kafka.common.errors.UnknownTopicOrPartitionException: This server does not host this topic-partition. (kafka.server.ReplicaFetcherThread)
>> >
>> > However, if I run describe topic, I can see it is created
>> >
>> >
>> >
>> > Describe Topic:
>> >
>> > kafka-topics.sh --zookeeper n1:2181,n2:2181,n3:2181 --describe --topic test02
>> >
>> > Topic:test02 PartitionCount:3 ReplicationFactor:3 Configs:
>> >
>> > Topic: test02 Partition: 0 Leader: 12 Replicas: 12,13,11 Isr: 12,13,11
>> >
>> > Topic: test02 Partition: 1 Leader: 13 Replicas: 13,11,12 Isr: 13,11,12
>> >
>> > Topic: test02 Partition: 2 Leader: 11 Replicas: 11,12,13 Isr: 11,12,13
>> >
>> >
>> > Consumer:
>> >
>> > kafka-console-consumer.sh --bootstrap-server n1:9093 --consumer.config /home/kafka/config/consumer.n1.properties --topic test02 --from-beginning
>> >
>> >
>> >
>> > Producer:
>> >
>> > kafka-console-producer.sh --broker-list n1:9093 --producer.config /homey/kafka/config/producer.n1.properties --sync --topic test02
>> >
>> > ERROR Error when sending message to topic test02 with key: null, value: 0 bytes with error: (org.apache.kafka.clients.producer.internals.ErrorLoggingCallback)
>> >
>> > org.apache.kafka.common.errors.TimeoutException: Expiring 1 record(s) for test02-1: 1506 ms has passed since batch creation plus linger time
>> >
>> >
>> > How to resolve it?
>> >
>> > Regards
>> >
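
A check of the security-relevant keys in the server.properties posted at the top of this message, as an added example that is not part of the thread: it flags the legacy TLS versions in ssl.enabled.protocols and the allow.everyone.if.no.acl.found fallback. The function names and the SAMPLE excerpt are constructed for illustration, and listener names are assumed to be protocol names.

```python
# Added example; SAMPLE is a constructed excerpt reusing values from the thread's server.properties.
SAMPLE = """\
listeners=SSL://n1.test.com:9092
security.inter.broker.protocol=SSL
ssl.client.auth=required
ssl.enabled.protocols=TLSv1.2,TLSv1.1,TLSv1
allow.everyone.if.no.acl.found=true
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
"""
LEGACY_TLS = {"SSLv2Hello", "SSLv3", "TLSv1", "TLSv1.1"}
CLEARTEXT = {"PLAINTEXT", "SASL_PLAINTEXT"}

def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def split_csv(value):
    """Split a comma-separated property value into trimmed, non-empty items."""
    return [item.strip() for item in value.split(",") if item.strip()]

def audit(props):
    """Return (key, finding) tuples for settings that weaken the broker."""
    out = []
    legacy = sorted(set(split_csv(props.get("ssl.enabled.protocols", ""))) & LEGACY_TLS)
    if legacy:
        out.append(("ssl.enabled.protocols", "legacy protocols: " + ",".join(legacy)))
    if (props.get("authorizer.class.name")
            and props.get("allow.everyone.if.no.acl.found", "false").lower() == "true"):
        out.append(("allow.everyone.if.no.acl.found",
                    "resources without an ACL are open to every principal"))
    # Assumes listener names are protocol names (no custom listener names).
    schemes = {l.split("://")[0].upper() for l in split_csv(props.get("listeners", ""))}
    if schemes & CLEARTEXT:
        out.append(("listeners", "unencrypted listener configured"))
    if "SSL" in schemes and props.get("ssl.client.auth", "none") != "required":
        out.append(("ssl.client.auth", "SSL listener accepts unauthenticated clients"))
    if props.get("security.inter.broker.protocol", "PLAINTEXT").upper() in CLEARTEXT:
        out.append(("security.inter.broker.protocol", "inter-broker traffic is cleartext"))
    return out

if __name__ == "__main__":
    for key, finding in audit(parse_properties(SAMPLE)):
        print(f"{key}: {finding}")
```

Restricting ssl.enabled.protocols to TLSv1.2 and setting allow.everyone.if.no.acl.found=false clears both findings for the sample.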