I tried all possible ways (including the way you suggested, Michael), but I still get the same error.

Is there a step-by-step guide to get ACLs working in Kafka with SSL? Thanks.

On Fri, May 19, 2017 at 11:40 AM, Michael Rauter <mrau...@anexia-it.com> wrote:

> Hi,
>
> with SSL client authentication the user identifier is the dname of the
> certificate
>
> in your case “CN=Bob,O=FB,OU=MA,L=MP,ST=CA,C=US”
>
> for example when you want to set an ACL rule (read and write for topic
> TOPICNAME from every host):
>
> $ kafka-acls --authorizer-properties zookeeper.connect=zookeeper:2181 \
>     --add --allow-principal User:CN=Bob,O=FB,OU=MA,L=MP,ST=CA,C=US \
>     --allow-host "*" --operation Read --operation Write --topic TOPICNAME
>
>
> On 19.05.17, 20:02, "Raghav" <raghavas...@gmail.com> wrote:
>
> If it helps, this is how I generated the keystore for my client
>
> $ keytool -alias kafka-dev2 -validity 365 -keystore kafka-dev2.keystore.jks \
>     -dname "CN=Bob,O=FB,OU=MA,L=MP,ST=CA,C=US" -genkey \
>     -ext SAN=DNS:kafka-dev2.example.com -storepass 123456
>
> Anything wrong here?
>
> On Fri, May 19, 2017 at 10:32 AM, Raghav <raghavas...@gmail.com> wrote:
>
> > Hi
> >
> > I have an SSL setup with Kafka Broker, Producer and Consumer, and it works
> > fine. I tried to set up ACLs as given on the website. When I start my
> > producer, I am getting this error:
> >
> >
> > [root@kafka-dev2 KAFKA]# bin/kafka-console-producer --broker-list kafka-dev1.example.com:9093 --topic test --producer.config ./etc/kafka/producer.properties
> >
> > HelloWorld
> >
> > [2017-05-19 10:24:42,437] WARN Error while fetching metadata with correlation id 1 : {test=UNKNOWN_TOPIC_OR_PARTITION} (org.apache.kafka.clients.NetworkClient)
> > [root@kafka-dev2 KAFKA]#
> >
> >
> > server config has the following entries
> > ------------------------------------
> > authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
> > super.users=User:Bob
> > ------------------------------------
> >
> > When certificate was being generated for Producer (Bob was used in the
> > CNAME.)
> >
> >
> > Am I missing something here? Please help
> >
> > Thanks.
> >
> > Raghav
>
> --
> Raghav

--
Raghav
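
Michael's point in the quoted reply (with SSL client authentication the user identifier is the certificate's full dname), applied to the `super.users` and ACL principal strings quoted in this thread, as an added example that is not part of the original messages. It assumes the authorizer compares principal strings exactly; the function names are hypothetical and the sample input is constructed from the values quoted above.

```python
import re

def ssl_principal(dname):
    # Per the thread: with SSL client auth the user identifier is the certificate dname.
    return "User:" + dname

def super_users(properties_text):
    # super.users entries are ';'-separated, because a DN itself contains commas.
    for line in properties_text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key.strip() == "super.users":
            return [u.strip() for u in value.split(";") if u.strip()]
    return []

def _squash(principal):
    # Used only to produce hints: drop whitespace around DN separators.
    return re.sub(r"\s*([,=])\s*", r"\1", principal.strip())

def explain(principal, entry):
    """Classify one configured entry against the principal derived from the cert."""
    if entry == principal:
        return "match"
    if _squash(entry) == _squash(principal):
        return "whitespace differs"
    cn = re.search(r"(?:^|[:,])CN=([^,]+)", _squash(principal))
    if cn and entry == "User:" + cn.group(1):
        return "CN only, full DN expected"
    return "no match"

def check(dname, properties_text, acl_principals=()):
    # Assumption (labelled): principals are compared as exact strings.
    principal = ssl_principal(dname)
    entries = super_users(properties_text) + list(acl_principals)
    return {entry: explain(principal, entry) for entry in entries}

# Constructed sample input, built from the values quoted in the thread.
SERVER_PROPERTIES = """\
authorizer.class.name=kafka.security.auth.SimpleAclAuthorizer
super.users=User:Bob
"""
DNAME = "CN=Bob,O=FB,OU=MA,L=MP,ST=CA,C=US"

if __name__ == "__main__":
    acls = ["User:CN=Bob, O=FB, OU=MA, L=MP, ST=CA, C=US", ssl_principal(DNAME)]
    for entry, verdict in check(DNAME, SERVER_PROPERTIES, acls).items():
        print(f"{verdict:28} {entry}")
```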