Hi Awadhesh,

This seems like your certificate import order (intermediate - root) is jumbled up. Could you kindly follow the instructions on confluent.io where Ismael Juma has provided a nice set of steps to follow for SSL setup.

https://www.confluent.io/blog/apache-kafka-security-authorization-authentication-encryption/

Kindest Regards,

On 28 September 2017 at 09:10, Awadhesh Gupta <awadhesh.in...@gmail.com> wrote:
> Hello,
>
> I am trying to set up Kafka SSL using certificates on my Windows machine
> using reference of security_overview section of Kafka documents. I have
> created server.keystore.jks, client.keystore.jks and respective trust store
> file and signed it using keytool command. I followed complete steps as
> mentioned in "Encryption and Authentication using SSL" section.
>
> I also configured these files in server.properties file and started both
> zookeeper and broker.
>
> Here I configured broker listeners as
>
> listeners=SSL://0.0.0.0:9093
>
> When I test the setup of truststore and keystore using below command
>
> openssl s_client -debug -connect localhost:9093 -tls1
>
> I am getting correct subject and issuer in response but at the same time I
> am getting below exception in kafka-broker console
>
> javax.net.ssl.SSLHandshakeException: null cert chain
> at sun.security.ssl.Handshaker.checkthrown(Handshaker.java:1478)
>
> Further, all the messages posted using Kafka publisher with client's
> certificate (created with above steps) on port 9093 are rejected by broker.
>
> Want to understand if some steps are missing to create certificate chain.
>
> Thanks in advance
> Awadhesh
>
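
Added example, not part of either message above: one way to check whether a keystore entry's certificate chain links up in order, by reading the `Owner:` and `Issuer:` lines of a `keytool -list -v` listing for a single alias. The sample listings and all names in them are constructed, and comparing distinguished names as plain strings is a simplifying assumption.

```python
import re

# Constructed sample shaped like `keytool -list -v -alias localhost` output
# for one key entry; every name here is made up for illustration.
SAMPLE_OK = """\
Alias name: localhost
Entry type: PrivateKeyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN=localhost, OU=Test, O=Example
Issuer: CN=Example Test CA
Certificate[2]:
Owner: CN=Example Test CA
Issuer: CN=Example Test CA
"""

# Constructed: the same entry when the CA-signed reply was never imported.
SAMPLE_SELF_SIGNED = """\
Alias name: localhost
Entry type: PrivateKeyEntry
Certificate chain length: 1
Certificate[1]:
Owner: CN=localhost, OU=Test, O=Example
Issuer: CN=localhost, OU=Test, O=Example
"""

def parse_chain(listing):
    """Return [(owner, issuer), ...] in the order keytool lists the chain."""
    owners = re.findall(r"^Owner: (.+)$", listing, re.M)
    issuers = re.findall(r"^Issuer: (.+)$", listing, re.M)
    return list(zip(owners, issuers))

def check_chain(listing):
    """Return a list of problems; an empty list means the chain links up."""
    chain = parse_chain(listing)
    if not chain:
        return ["no certificates found in listing"]
    problems = []
    if len(chain) == 1 and chain[0][0] == chain[0][1]:
        problems.append("key entry is still self-signed: CA reply not imported")
    for i in range(len(chain) - 1):  # each issuer must be the next owner
        if chain[i][1] != chain[i + 1][0]:
            problems.append(f"Certificate[{i + 1}] issuer != Certificate[{i + 2}] owner")
    if len(chain) > 1 and chain[-1][0] != chain[-1][1]:
        problems.append("chain does not end in a self-signed root")
    return problems

if __name__ == "__main__":
    for name, text in [("ok", SAMPLE_OK), ("self-signed", SAMPLE_SELF_SIGNED)]:
        print(name, check_chain(text) or "chain OK")
```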