Hello, I wanted to add TLS/SSL to my kafka setup. To start with, I went through the kafka SSL documenation on main website. I have done the following:
1) Imported the signed certificates to keystore 2) Imported the root CA 3) Verified that the keystore and trust store password are correct by using keytool. 4) Started zookeeper and kafka. 5) Confirmed the following from server.log file: Registered broker 0 at path /brokers/ids/0 with addresses: EndPoint(localhost,9092,ListenerName(PLAINTEXT),PLAINTEXT),EndPoint(localhost,9093,ListenerName(SSL),SSL) (kafka.utils.ZkUtils) my server.properties file have both listeners and advertised.listeners set to the following: PLAINTEXT://localhost:9092,SSL://localhost:9093 I also have automatic topic creation enabled. When I do: kafka-console-producer.bat --broker-list localhost:9093 --topic test_ssl --producer.config ..\..\config\producer.properties I am getting the following error: [2017-08-04 16:28:15,265] WARN Error while fetching metadata with correlation id 0 : {test_ssl=LEADER_NOT_AVAILABLE} (org.apache.kafka.clients.NetworkClient) [2017-08-04 16:28:15,372] WARN Error while fetching metadata with correlation id 1 : {test_ssl=LEADER_NOT_AVAILABLE} (org.apache.kafka.clients.NetworkClient) [2017-08-04 16:28:15,474] WARN Error while fetching metadata with correlation id 2 : {test_ssl=LEADER_NOT_AVAILABLE} (org.apache.kafka.clients.NetworkClient) [2017-08-04 16:28:20,302] WARN Error while fetching metadata with correlation id 3 : {test_ssl=LEADER_NOT_AVAILABLE} (org.apache.kafka.clients.NetworkClient) [2017-08-04 16:28:20,406] WARN Error while fetching metadata with correlation id 4 : {test_ssl=LEADER_NOT_AVAILABLE} (org.apache.kafka.clients.NetworkClient) [2017-08-04 16:28:20,512] WARN Error while fetching metadata with correlation id 5 : {test_ssl=LEADER_NOT_AVAILABLE} (org.apache.kafka.clients.NetworkClient) I can confirm from kafka-topics command (also, server.log) that the topic "test_ssl" creation was successful. I hope it's not because of this underscore "_". If there was a handshake issue, it would have been caught in the logs (I think), but it looks like my SSL config has been accepted correctly. Just wanted to know if I have missed something which I cannot quit spot here. Kindest Regards,