Apache-kafka SSL handshake failed (org.apache.kafka.common.network.Selector)

Question

I'm having trouble setting up Kafka.

I keep seeing the same error message in my server.log:

[2025-02-14 18:45:42,849] INFO [SocketServer listenerType=ZK_BROKER, nodeId=1] 
Failed authentication with /192.168.1.1 (channelId=192.168.1.1:9093-192.168.1.1:40076-307) 
(SSL handshake failed) (org.apache.kafka.common.network.Selector)

Both Zookeeper and Kafka are using the same keystore and truststore.

Here are my server.properties:

ssl.keystore.location=/opt/kafka/certs/hostname.jks
ssl.keystore.password=password
ssl.key.password=password
ssl.truststore.location=/opt/kafka/certs/truststore.jks
ssl.truststore.password=password
ssl.client.auth=required
ssl.endpoint.identification.algorithm=

And my zookeeper.properties:

server.1=hostname:2888:3888

# SSL Settings
clientCnxnSocket=org.apache.zookeeper.ClientCnxnSocketNetty
serverCnxnFactory=org.apache.zookeeper.server.NettyServerCnxnFactory
ssl.hostnameVerification=false
secureClientPort=2281
ssl.keyStore.location=/opt/kafka/certs/hostname.jks
ssl.keyStore.password=password
ssl.trustStore.location=/opt/kafka/certs/
truststore.jks
ssl.trustStore.password=password

#quorum
sslQuorum=true
ssl.quorum.keyStore.location=/opt/kafka/certs/hostname.jks
ssl.quorum.keyStore.password=password
ssl.quorum.trustStore.location=/opt/kafka/certs/truststore.jks
ssl.quorum.trustStore.password=password
ssl.quorum.hostnameVerification=false

I'm not sure what's going wrong. Any ideas on where to look?

Also, I can't run some commands using the binary files. For example:

./kafka-console-producer.sh --bootstrap-server \
localhost:9093 --topic TOPIC_NAME

Gives me:

[2025-02-14 18:53:08,118] WARN [Producer clientId=console-producer]
 Connection to node -1 (localhost/127.0.0.1:9093) could not be established.
 Node may not be available. (org.apache.kafka.clients.NetworkClient)
[2025-02-14 18:53:08,119] WARN [Producer clientId=console-producer]
 Bootstrap broker localhost:9093 (id: -1 rack: null) disconnected 
(org.apache.kafka.clients.NetworkClient)

Or:

./kafka-console-producer.sh --bootstrap-server \
hostname:9093 --topic TOPIC_NAME

Gives me:

[2025-02-14 18:52:52,278] WARN Couldn't resolve server hostname:9093 from bootstrap.servers as DNS resolution failed for hostname
(org.apache.kafka.clients.ClientUtils)org.apache.kafka.common.KafkaException: Failed to construct kafka producerat
 org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:473)at 
org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:294)at 
org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:321)at 
org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:306)at kafka.tools.ConsoleProducer$.main(ConsoleProducer.scala:98)at 
kafka.tools.ConsoleProducer.main(ConsoleProducer.scala)Caused by: 
org.apache.kafka.common.config.ConfigException: No resolvable bootstrap urls given in bootstrap.serversat 
org.apache.kafka.clients.ClientUtils.parseAndValidateAddresses(ClientUtils.java:103)at 
org.apache.kafka.clients.ClientUtils.parseAndValidateAddresses(ClientUtils.java:62)at 
org.apache.kafka.clients.ClientUtils.parseAndValidateAddresses(ClientUtils.java:58)at 
org.apache.kafka.clients.producer.KafkaProducer.<init>(KafkaProducer.java:448)... 5 more

Any help would be greatly appreciated!

I've also tried disabling SSL for both Kafka and Zookeeper. I've attempted adding the full certificate chain to the keystore and regenerated the certificates multiple times.