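I am trying to configure one-way SSL for my Kafka client using PEM. Right now I am trying it with kafka-topics.sh --list,
but in the future it will be a Java client that cannot use JKS. The error message tells me to specify the type, but the documentation I am referencing does not tell me how to specify it: https://kafka.apache.org/documentation/#producerconfigs_ssl.truststore.certificates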
ssl.truststore.certificates
Trusted certificates in the format specified by 'ssl.truststore.type'. Default SSL engine factory supports only PEM format with X.509 certificates.
Type: password Default: null Valid Values: Importance: high
Here is the error message from kafka-topics.sh:
~/kafka/bin/kafka-topics.sh \
--command-config /home/kafka/kafka/client_security_one_way_ssl_using_pem.properties \
--bootstrap-server MY_IP:9093 \
--list
Exception in thread "main" org.apache.kafka.common.KafkaException: Failed to create new KafkaAdminClient
at org.apache.kafka.clients.admin.KafkaAdminClient.createInternal(KafkaAdminClient.java:535)
at org.apache.kafka.clients.admin.Admin.create(Admin.java:65)
at kafka.admin.TopicCommand$AdminClientTopicService$.createAdminClient(TopicCommand.scala:228)
at kafka.admin.TopicCommand$AdminClientTopicService$.apply(TopicCommand.scala:232)
at kafka.admin.TopicCommand$.main(TopicCommand.scala:59)
at kafka.admin.TopicCommand.main(TopicCommand.scala)
Caused by: org.apache.kafka.common.errors.InvalidConfigurationException: SSL trust store certs can be specified only for PEM, but trust store type is JKS.
Contents of client_security_one_way_ssl_using_pem.properties:
ssl.endpoint.identification.algorithm=
security.protocol=SSL
ssl.truststore.certificates=-----BEGIN CERTIFICATE----- \
< SECRET :) > \
-----END CERTIFICATE-----
I also tried adding
ssl.truststore.type=PEM
but now my error messages are:
[2021-03-10 16:18:21,343] WARN The configuration 'ssl.truststore.certificates' was supplied but isn't a known config. (org.apache.kafka.clients.admin.AdminClientConfig)
[2021-03-10 16:18:21,344] WARN The configuration 'ssl.truststore.type' was supplied but isn't a known config. (org.apache.kafka.clients.admin.AdminClientConfig)
[2021-03-10 16:18:21,344] WARN The configuration 'ssl.endpoint.identification.algorithm' was supplied but isn't a known config. (org.apache.kafka.clients.admin.AdminClientConfig)
2.7.0 should support these properties:
~/kafka/bin/kafka-topics.sh --version
2.7.0 (Commit:448719dc99a19793)
Best answer
The root cause was that I needed to have
ssl.truststore.type=PEM
in my properties file.
The WARN log messages are not the problem. Apache Kafka is tracking that bug here: https://issues.apache.org/jira/browse/KAFKA-10090 and it is fixed as of 2.8.0.
[2021-03-10 16:18:21,343] WARN The configuration 'ssl.truststore.certificates' was supplied but isn't a known config. (org.apache.kafka.clients.admin.AdminClientConfig)
[2021-03-10 16:18:21,344] WARN The configuration 'ssl.truststore.type' was supplied but isn't a known config. (org.apache.kafka.clients.admin.AdminClientConfig)
[2021-03-10 16:18:21,344] WARN The configuration 'ssl.endpoint.identification.algorithm' was supplied but isn't a known config. (org.apache.kafka.clients.admin.AdminClientConfig)
It was actually fetching the topics, but I have no topics.
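The same fix applied to the Java client the question mentions, as an added example that is not part of the original question or answer. The class name, command-line arguments and 30-second timeout are assumptions; the configuration keys are the ones shown above, and the CA certificate is read from a PEM file instead of being pasted into a properties file.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Properties;
import java.util.Set;
import java.util.concurrent.TimeUnit;

import org.apache.kafka.clients.CommonClientConfigs;
import org.apache.kafka.clients.admin.Admin;
import org.apache.kafka.common.config.SslConfigs;

// Added example (hypothetical class name): one-way SSL with a PEM trust store.
public class PemTrustStoreListTopics {

    // Builds the client config; caPem is the CA certificate text, including
    // the -----BEGIN CERTIFICATE----- / -----END CERTIFICATE----- lines.
    static Properties sslProps(String bootstrapServers, String caPem) {
        if (!caPem.contains("-----BEGIN CERTIFICATE-----")) {
            throw new IllegalArgumentException("CA file is not PEM-encoded X.509");
        }
        Properties props = new Properties();
        props.put(CommonClientConfigs.BOOTSTRAP_SERVERS_CONFIG, bootstrapServers);
        props.put(CommonClientConfigs.SECURITY_PROTOCOL_CONFIG, "SSL");
        // Without this line the type defaults to JKS and the client fails with
        // "SSL trust store certs can be specified only for PEM".
        props.put(SslConfigs.SSL_TRUSTSTORE_TYPE_CONFIG, "PEM");
        props.put(SslConfigs.SSL_TRUSTSTORE_CERTIFICATES_CONFIG, caPem);
        // ssl.endpoint.identification.algorithm is left at its default (https),
        // so the broker certificate must match the host name in bootstrapServers.
        // The properties file in the question sets it to empty, which turns
        // host name verification off.
        return props;
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: PemTrustStoreListTopics <host:port> <ca.pem>");
            System.exit(2);
        }
        String caPem = new String(Files.readAllBytes(Paths.get(args[1])), StandardCharsets.UTF_8);
        try (Admin admin = Admin.create(sslProps(args[0], caPem))) {
            Set<String> topics = admin.listTopics().names().get(30, TimeUnit.SECONDS);
            // An empty set is a successful result: connected, no topics exist.
            System.out.println(topics.isEmpty() ? "(no topics)" : String.join("\n", topics));
        }
    }
}
```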
Regarding java - configuring Kafka client one-way SSL using PEM, a similar question was found on Stack Overflow: https://stackoverflow.com/questions/66572972/