Hi,
I configured my Kafka installation (on a remote Ubuntu server with only 1 broker) with SSL (I generated all the certificates needed), but when I try to verify if it's ok with the command:

openssl s_client -debug -connect localhost:9093 -tls1

I get this reply:

CONNECTED(00000003)
write to 0x55e48b840750 [0x55e48b8512d0] (7 bytes => 7 (0x7))
0000 - 15 03 01 00 02 02 50                              ......P
139631163029312:error:141E70BF:SSL routines:tls_construct_client_hello:no protocols available:../ssl/statem/statem_clnt.c:1112:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 7 bytes
Verification: OK
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
Early data was not sent
Verify return code: 0 (ok)
---
read from 0x55e48b840750 [0x55e48b834fe0] (8192 bytes => 0 (0x0))

and I suppose it is not ok.

If I try to create a topic with:

./bin/kafka-topics.sh --create --bootstrap-server localhost:9094 --command-config /home/kafka/kafka2_13_3/config/ssl-user-config.properties --replication-factor 1 --partitions 1 --topic demo-topic

I receive the error:

[2021-11-21 13:49:55,854] ERROR [AdminClient clientId=adminclient-1] Connection to node -1 (localhost/127.0.0.1:9094) failed authentication due to: SSL handshake failed (org.apache.kafka.clients.NetworkClient)
[2021-11-21 13:49:55,855] WARN [AdminClient clientId=adminclient-1] Metadata update failed due to authentication error (org.apache.kafka.clients.admin.internals.AdminMetadataManager)
org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed
Caused by: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
        at java.base/sun.security.ssl.SSLEngineInputRecord.bytesInCompletePacket(SSLEngineInputRecord.java:146)
        at java.base/sun.security.ssl.SSLEngineInputRecord.bytesInCompletePacket(SSLEngineInputRecord.java:64)
        at java.base/sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:557)
        at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:454)
        at java.base/sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:433)
        at java.base/javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:637)
        at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:509)
        at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:368)
        at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:291)
        at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178)
        at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543)
        at org.apache.kafka.common.network.Selector.poll(Selector.java:481)
        at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:551)
        at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1389)
        at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1320)
        at java.base/java.lang.Thread.run(Thread.java:829)
Error while executing topic command : SSL handshake failed

Something went wrong?
This is my server.properties (SSL configs):

listeners=PLAINTEXT://localhost:9092,SSL://localhost:9093,SASL_SSL://localhost:9094
ssl.keystore.location=/home/kafka/ssl/kafka.server.keystore.jks
ssl.keystore.password=secret
ssl.key.password=secret
ssl.truststore.location=/home/kafka/ssl/kafka.server.truststore.jks
ssl.truststore.password= secret
advertised.listeners=PLAINTEXT://localhost:9092,SSL://localhost:9093,SASL_SSL://localhost:9094
zookeeper.connect=localhost:2181
#security.inter.broker.protocol=SSL
#ssl.client.auth=required
#sasl.enabled.mechanisms=PLAIN
########### SECURITY using SCRAM-SHA-512 and SSL ###################
ssl.endpoint.identification.algorithm=https://localhost
ssl.client.auth=none
sasl.enabled.mechanisms=PLAIN

client.properties:

listeners=PLAINTEXT://localhost:9092,SSL://localhost:9093,SASL_SSL://localhost:9094
#listeners=PLAINTEXT://:9092,SSL://:9093,SASL_SSL://:9094
ssl.keystore.location=/home/kafka/ssl/kafka.server.keystore.jks
ssl.keystore.password=secret
ssl.key.password=giuseppe
ssl.truststore.location=/home/kafka/ssl/kafka.server.truststore.jks
ssl.truststore.password=secret
advertised.listeners=PLAINTEXT://localhost:9092,SSL://localhost:9093,SASL_SSL://localhost:9094
#advertised.listeners=PLAINTEXT://:9092,SSL://:9093,SASL_SSL://:9094
zookeeper.connect=localhost:2181
#security.inter.broker.protocol=SSL
#ssl.client.auth=required
#sasl.enabled.mechanisms=PLAIN
########### SECURITY using SCRAM-SHA-512 and SSL ###################
#security.inter.broker.protocol=SASL_SSL
ssl.endpoint.identification.algorithm=https://localhost
ssl.client.auth=required
#sasl.mechanism.inter.broker.protocol=SCRAM-SHA-512
sasl.enabled.mechanisms=PLAIN

kafka_server_jaas:

kafka@kafka2:~/kafka2_13_3/config$ vi server.properties
kafka@kafka2:~/kafka2_13_3/config$ vi kafka_server_jaas.conf

KafkaServer {
    org.apache.kafka.common.security.plain.PlainLoginModule required
    username="admin"
    password="secret"
    user_giuseppe="giuseppe"
    user_client="client";
};
Client {
    org.apache.zookeeper.server.auth.DigestLoginModule required
    username="giuseppe"
    password="secret";
};

zookeeper_server_jaas:

Server {
    org.apache.zookeeper.server.auth.DigestLoginModule required
    user_super="giuseppe"
    user_giuseppe="giuseppe";
};
Client {
    org.apache.zookeeper.server.auth.DigestLoginModule required
    username="giuseppe"
    password="secret";
};

Any help is appreciated.

Best regards.
Giuseppe
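Added example (not part of Giuseppe's message, and not Kafka or OpenSSL code): a small TLS record-header decoder that explains the two artefacts in the thread. The 7 bytes openssl wrote in its -debug output (15 03 01 00 02 02 50) decode as a fatal internal_error alert at record version TLS 1.0, which is what the client sends after "no protocols available"; and Java's "Unrecognized SSL message, plaintext connection?" (raised in SSLEngineInputRecord.bytesInCompletePacket in the stack trace) is the case where the first byte read is not a TLS content type at all. The OPENSSL_ALERT bytes are copied from the post; PLAINTEXT_REPLY and SERVER_HELLO are constructed samples, and the function name classify_tls_record is this example's own.

```python
"""Decode the first bytes seen on a socket as a TLS record header.

Added example for the Kafka SSL thread; not the project's own code.
"""
import struct

CONTENT_TYPES = {
    20: "change_cipher_spec",
    21: "alert",
    22: "handshake",
    23: "application_data",
}
RECORD_VERSIONS = {
    (3, 0): "SSLv3",
    (3, 1): "TLS 1.0",
    (3, 2): "TLS 1.1",
    (3, 3): "TLS 1.2",
    (3, 4): "TLS 1.3",
}
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {
    0: "close_notify",
    10: "unexpected_message",
    20: "bad_record_mac",
    40: "handshake_failure",
    42: "bad_certificate",
    46: "certificate_unknown",
    48: "unknown_ca",
    70: "protocol_version",
    80: "internal_error",
    112: "unrecognized_name",
}
HANDSHAKE_TYPES = {1: "client_hello", 2: "server_hello", 11: "certificate", 13: "certificate_request"}


def classify_tls_record(data: bytes) -> dict:
    """Classify raw bytes as a TLS record, or as something that is not TLS."""
    if len(data) < 5:
        return {"kind": "too_short", "detail": f"only {len(data)} byte(s)"}
    # TLS record header: content type (1), version major/minor (2), length (2)
    ctype, major, minor, length = struct.unpack("!BBBH", data[:5])
    if ctype not in CONTENT_TYPES or major != 3:
        # This is the situation behind Java's "Unrecognized SSL message,
        # plaintext connection?": the peer is not speaking TLS on this port.
        return {"kind": "not_tls", "detail": f"first byte 0x{ctype:02x} is not a TLS content type"}
    result = {
        "kind": CONTENT_TYPES[ctype],
        "version": RECORD_VERSIONS.get((major, minor), f"unknown {major}.{minor}"),
        "length": length,
    }
    body = data[5:5 + length]
    if ctype == 21 and len(body) >= 2:
        # Alert body: level (1) + description (1)
        result["level"] = ALERT_LEVELS.get(body[0], f"unknown({body[0]})")
        result["description"] = ALERT_DESCRIPTIONS.get(body[1], f"unknown({body[1]})")
    elif ctype == 22 and body:
        # Handshake body starts with the handshake message type
        result["handshake_type"] = HANDSHAKE_TYPES.get(body[0], f"unknown({body[0]})")
    return result


# The 7 bytes openssl s_client -tls1 wrote, copied from the -debug output in the post.
OPENSSL_ALERT = bytes.fromhex("15030100020250")

# Constructed sample: a non-TLS service answering in plaintext.
PLAINTEXT_REPLY = b"HTTP/1.1 400 Bad Request\r\n"

# Constructed sample: the first bytes of a TLS 1.2 ServerHello record.
SERVER_HELLO = bytes.fromhex("160303004a020000460303")


if __name__ == "__main__":
    for name, sample in [("openssl alert", OPENSSL_ALERT),
                         ("plaintext reply", PLAINTEXT_REPLY),
                         ("server hello", SERVER_HELLO)]:
        print(f"{name:16s} {classify_tls_record(sample)}")
```

To use it against a real listener, read the first few bytes returned by the broker after sending a ClientHello (or feed it the hex lines from openssl's -debug output) and pass them to classify_tls_record; a "not_tls" result on a port you expect to be SSL or SASL_SSL means the listener on that port is not terminating TLS, which matches the Java exception text in the thread.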