devinbost commented on issue #84:
URL:
https://github.com/apache/pulsar-helm-chart/issues/84#issuecomment-729305401
Just before the exception is thrown, it appears that the broker is
successfully able to establish a TLS session with Zookeeper, but then it gives
this odd message:
```
Inaccessible trust store: /usr/local/openjdk-8/jre/lib/security/jssecacerts
trustStore is: /usr/local/openjdk-8/jre/lib/security/cacerts
trustStore type is: jks
trustStore provider is:
the last modified time is: Thu Apr 16 10:21:14 UTC 2020
Reload the trust store
Reload trust certs
Reloaded 128 trust certs
```
and then loads a lot of certs, like:
```
adding as trusted cert:
Subject: CN=Hongkong Post Root CA 1, O=Hongkong Post, C=HK
Issuer: CN=Hongkong Post Root CA 1, O=Hongkong Post, C=HK
Algorithm: RSA; Serial number: 0x3e8
Valid from Thu May 15 05:13:14 UTC 2003 until Mon May 15 04:52:29 UTC 2023
adding as trusted cert:
Subject: CN=SecureTrust CA, O=SecureTrust Corporation, C=US
Issuer: CN=SecureTrust CA, O=SecureTrust Corporation, C=US
Algorithm: RSA; Serial number: 0xcf08e5c0816a5ad427ff0eb271859d0
Valid from Tue Nov 07 19:31:18 UTC 2006 until Mon Dec 31 19:40:55 UTC 2029
. . .
```
Immediately after it loads those certs, it reports:
```
trigger seeding of SecureRandom
done seeding SecureRandom
```
and then gets the 401 with:
`org.apache.pulsar.broker.web.AuthenticationFilter - [10.244.0.9] Failed to
authenticate HTTP request: Client unable to authenticate with TLS certificate`
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
