Reputation: 151
Kafka SSL handshake failed issue
I am trying to enable SSL Authentication on my Kafka server. I am following 7.2 section in the Kafka documentation.
Followed all steps, but while calling the producer.bat file to send data in to the topic i get below error.
ERROR [Producer clientId=console-producer] Connection to node -1 failed authentication due to: SSL handshake failed (org.apache.kafka.clients.NetworkClient)
Caused by: java.security.cert.CertificateException: No name matching localhost found
I did create the certificate with CN=localhost.
Upvotes: 15
Views: 70939
Answers (7)
Reputation: 1239
I got this error because of connection problems. Cause by me firewall.
The connection can be checked with:
openssl s_client -debug -connect servername:port -tls1_2
Answer should be "Verify return code: 0 (ok) Other return codes could suggest that you have no access.
Upvotes: 0
Reputation: 3945
When using Strimzi Kafka operator, use the cluster ca cert (add to jks truststore) to avoid this error. The client CA certificate was always throwing this error for me.
Upvotes: 1
Reputation: 297
Generally java.security.cert.CertificateException: No name matching localhost found means that the hostname in the certificate does not match the hostname of the server.
There is a great explanation of this error here: CertificateException: No name matching ssl.someUrl.de found
Upvotes: 2
Reputation: 1249
The server host name verification may be disabled by setting ssl.endpoint.identification.algorithm to an empty string on the client.
Upvotes: 24
Reputation: 67
Just set
ssl.endpoint.identification.algorithm=
It can help you.
I.e with an empty value:
ssl.endpoint.identification.algorithm=
Upvotes: 5
Reputation: 343
For me it is an issue with input given to first name and last name for Keytool
Upvotes: 2
Reputation: 101
We encounterd the following errors, this might because the upgrade of Kafka's version from 1.x to 2.x.
javax.net.ssl.SSLHandshakeException: General SSLEngine problem ... javax.net.ssl.SSLHandshakeException: General SSLEngine problem ... java.security.cert.CertificateException: No name matching *** found
or
[Producer clientId=producer-1] Connection to node -2 failed authentication due to: SSL handshake failed
The default value for ssl.endpoint.identification.algorithm was changed to https, which performs hostname verification (man-in-the-middle attacks are possible otherwise). Set ssl.endpoint.identification.algorithm to an empty string to restore the previous behaviour. Apache Kafka Notable changes in 2.0.0
Solution: SslConfigs.SSL_ENDPOINT_IDENTIFICATION_ALGORITHM_CONFIG, ""
Upvotes: 1
Related Questions
- Kafka server SSL configuration exception
- kafka failed authentication due to: SSL handshake failed
- Kafka - unable to find valid certification path
- kafka - ssl handshake failing
- Kafka Broker Failed authentication - SSL handshake failed
- Kafka SSL connection error
- Kafka SSL handshake failed in custom Java producer
- Error openssl handshaking server do not respond
- Starting Kafka Broker with SSL give SSLHandShakeError
- Apache kafka 2.0.0 version - Connection to node 1 failed authentication due to: SSL handshake