Hi Alexis, the first step would be to verify whether the keystore that you are trying to use is compatible with the Java version inside of your Docker container ( even before involving any of Flink specifics). Try the following:
- Run your Flink Docker container locally - Mount a folder with your certificate into this container at startup - Open a shell into this running connector, locate the "keytool" utility and try to use it to import the certificate Best, Alexander Fedulov | Solutions Architect <https://www.ververica.com/> Follow us @VervericaData -- Join Flink Forward <https://flink-forward.org/> - The Apache Flink Conference Stream Processing | Event Driven | Real Time -- Ververica GmbH | Invalidenstrasse 115, 10115 Berlin, Germany -- Ververica GmbH Registered at Amtsgericht Charlottenburg: HRB 158244 B Managing Directors: Yip Park Tung Jason, Jinwei (Kevin) Zhang, Karl Anton Wehner On Mon, Aug 16, 2021 at 7:52 PM Alexis Sarda-Espinosa < alexis.sarda-espin...@microfocus.com> wrote: > Hello, > > I am trying to configure TLS communication for a Flink cluster running on > Kubernetes. I am currently using the BCFKS format and setting that as > default via javax.net.ssl.keystoretype and javax.net.ssl.truststoretype > (which are injected in the environment variable FLINK_ENV_JAVA_OPTS). The > task manager is failing with "Invalid Keystore format", so I'm wondering if > there are special limitations with regards to supported TLS configurations? > > Regards, > Alexis. > >
