apache-kafka - Kafka server SSL configuration exception


This is part of my Kafka server.properties configuration:

listeners=SSL://192.168.78.131:9092
ssl.keystore.location=/home/linuxea/encr/server.keystore.jks
ssl.keystore.password=linuxea
ssl.key.password=linuxea
security.inter.broker.protocol=SSL

When I start the server, an SSL exception is thrown:
[2018-04-18 02:05:32,229] ERROR [Controller id=0, targetBrokerId=0] Connection to node 0 failed authentication due to: SSL handshake failed (org.apache.kafka.clients.NetworkClient)
[2018-04-18 02:05:32,245] ERROR [KafkaServer id=0] Connection to node 0 failed authentication due to: SSL handshake failed (org.apache.kafka.clients.NetworkClient)
[2018-04-18 02:05:32,246] WARN SSL handshake failed (kafka.utils.CoreUtils$)
org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
    at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1529)
    at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535)
    at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1214)
    at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1186)
    at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469)
    at org.apache.kafka.common.network.SslTransportLayer.handshakeWrap(SslTransportLayer.java:434)
    at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:299)
    at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:253)
    at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:79)
    at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:486)
    at org.apache.kafka.common.network.Selector.poll(Selector.java:424)
    at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:460)
    at org.apache.kafka.clients.NetworkClientUtils.awaitReady(NetworkClientUtils.java:73)
    at kafka.server.KafkaServer.doControlledShutdown$1(KafkaServer.scala:485)
    at kafka.server.KafkaServer.kafka$server$KafkaServer$$controlledShutdown(KafkaServer.scala:534)
    at kafka.server.KafkaServer$$anonfun$shutdown$1.apply$mcV$sp(KafkaServer.scala:556)
    at kafka.utils.CoreUtils$.swallow(CoreUtils.scala:85)
    at kafka.server.KafkaServer.shutdown(KafkaServer.scala:556)
    at kafka.server.KafkaServerStartable.shutdown(KafkaServerStartable.scala:48)
    at kafka.Kafka$$anon$1.run(Kafka.scala:89)
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1728)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:330)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614)
    at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216)
    at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052)
    at sun.security.ssl.Handshaker$1.run(Handshaker.java:992)
    at sun.security.ssl.Handshaker$1.run(Handshaker.java:989)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1467)
    at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:388)
    at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:468)
    at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:326)
... 13 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302)
    at sun.security.validator.Validator.validate(Validator.java:260)
    at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)
    at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281)
    at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)
    at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1601)
... 22 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392)
... 28 more

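I haven't even tried to start a client. Actually, I don't know much about Kafka security; I just configured it by following the Kafka documentation.
What should I do next?

Thank you very much!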

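Best answer

You are using SSL for inter-broker communication. When the brokers connect and talk to each other, they act as clients.

When the brokers connect and do the handshake, the client (= the broker opening the connection) needs to verify the identity of the server (= the broker accepting the connection). Your exception basically says that this failed in your case.

This has to be done using a truststore. You need to create a truststore which should contain the public key of the CA which you used to sign the broker certificates, or the public keys of all broker certificates in case you use self-signed certificates. Then specify the ssl.truststore.location and ssl.truststore.password options in the broker configuration file. That should help.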
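
The missing setting the answer points to can be caught before the broker is started. The following is an added example, not part of the original post and not Kafka's own tooling: a Python pre-flight check run over the settings quoted in the question. The function names are assumptions, and the handling of listener.security.protocol.map goes beyond the question's configuration to cover custom listener names.

```python
TLS_PROTOCOLS = {"SSL", "SASL_SSL"}

# Constructed copy of the broker settings quoted in the question.
QUESTION_CONFIG = """\
listeners=SSL://192.168.78.131:9092
ssl.keystore.location=/home/linuxea/encr/server.keystore.jks
ssl.keystore.password=linuxea
ssl.key.password=linuxea
security.inter.broker.protocol=SSL
"""

def parse_properties(text):
    """Parse the simple key=value subset of the Java properties format."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":   # blank line or comment
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def listener_protocols(props):
    """Map each configured listener name to its security protocol."""
    mapping = {}
    for pair in props.get("listener.security.protocol.map", "").split(","):
        name, _, proto = pair.partition(":")
        if proto:
            mapping[name.strip().upper()] = proto.strip().upper()
    names = [entry.split("://")[0].strip().upper()
             for entry in props.get("listeners", "").split(",") if entry.strip()]
    # Without a map entry, the listener name is itself the protocol name.
    return {name: mapping.get(name, name) for name in names}

def check_broker_tls(text):
    """Return findings; an empty list means the checked TLS settings are present."""
    props = parse_properties(text)
    findings = []
    serves_tls = any(p in TLS_PROTOCOLS for p in listener_protocols(props).values())
    inter = props.get("security.inter.broker.protocol", "PLAINTEXT").upper()
    if serves_tls and not props.get("ssl.keystore.location"):
        findings.append("TLS listener configured without ssl.keystore.location")
    if inter in TLS_PROTOCOLS and not props.get("ssl.truststore.location"):
        # Brokers act as TLS clients towards each other and must trust the peer's issuer.
        findings.append("inter-broker TLS without ssl.truststore.location: the JVM default "
                        "trust store is used, so a private CA or self-signed broker "
                        "certificate fails PKIX path building")
    return findings

if __name__ == "__main__":
    for finding in check_broker_tls(QUESTION_CONFIG):
        print("FINDING:", finding)
```
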

Regarding apache-kafka - Kafka server SSL configuration exception, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/49892423/
