Support for ssl.endpoint.identification.algorithm
Currently it seems impossible to disable SSL verification of the Kafka broker by setting ssl.endpoint.identification.algorithm= in the consumer.properties.
I’m using the latest version built from master 1.3.3.21.
My consumer.properties
security.protocol=SASL_SSL
sasl.mechanism=PLAIN
ssl.truststore.location=/mnt/tls/kafka.server.truststure.jks
ssl.truststore.password=*****
sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required username="kafka-user" password="*****";
ssl.endpoint.identification.algorithm=
key.deserializer=org.apache.kafka.common.serialization.ByteArrayDeserializer
value.deserializer=org.apache.kafka.common.serialization.ByteArrayDeserializer
Is there another way to disable the SSL verification?
km-74bb9cbbdf-hgc67 kafka-manager [error] o.a.k.c.NetworkClient - [Consumer clientId=consumer-1, groupId=KMOffsetCache-km-74bb9cbbdf-hgc67] Connection to node -7 failed authentication due to: SSL handshake failed
km-74bb9cbbdf-hgc67 kafka-manager [warn] k.m.a.c.KafkaManagedOffsetCache - Failed to process a message from offset topic on cluster testcluster!
km-74bb9cbbdf-hgc67 kafka-manager org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed
km-74bb9cbbdf-hgc67 kafka-manager Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
km-74bb9cbbdf-hgc67 kafka-manager at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1529) ~[na:1.8.0_171]
km-74bb9cbbdf-hgc67 kafka-manager at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535) ~[na:1.8.0_171]
km-74bb9cbbdf-hgc67 kafka-manager at sun.security.ssl.SSLEngineImpl.writeAppRecord(SSLEngineImpl.java:1214) ~[na:1.8.0_171]
km-74bb9cbbdf-hgc67 kafka-manager at sun.security.ssl.SSLEngineImpl.wrap(SSLEngineImpl.java:1186) ~[na:1.8.0_171]
km-74bb9cbbdf-hgc67 kafka-manager at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:469) ~[na:1.8.0_171]
km-74bb9cbbdf-hgc67 kafka-manager at org.apache.kafka.common.network.SslTransportLayer.handshakeWrap(SslTransportLayer.java:434) ~[org.apache.kafka.kafka-clients-1.1.0.jar:na]
km-74bb9cbbdf-hgc67 kafka-manager at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:299) ~[org.apache.kafka.kafka-clients-1.1.0.jar:na]
km-74bb9cbbdf-hgc67 kafka-manager at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:253) ~[org.apache.kafka.kafka-clients-1.1.0.jar:na]
km-74bb9cbbdf-hgc67 kafka-manager at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:79) ~[org.apache.kafka.kafka-clients-1.1.0.jar:na]
km-74bb9cbbdf-hgc67 kafka-manager at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:486) ~[org.apache.kafka.kafka-clients-1.1.0.jar:na]
km-74bb9cbbdf-hgc67 kafka-manager Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
km-74bb9cbbdf-hgc67 kafka-manager at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[na:1.8.0_171]
km-74bb9cbbdf-hgc67 kafka-manager at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1728) ~[na:1.8.0_171]
km-74bb9cbbdf-hgc67 kafka-manager at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:330) ~[na:1.8.0_171]
km-74bb9cbbdf-hgc67 kafka-manager at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322) ~[na:1.8.0_171]
km-74bb9cbbdf-hgc67 kafka-manager at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614) ~[na:1.8.0_171]
km-74bb9cbbdf-hgc67 kafka-manager at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[na:1.8.0_171]
km-74bb9cbbdf-hgc67 kafka-manager at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052) ~[na:1.8.0_171]
km-74bb9cbbdf-hgc67 kafka-manager at sun.security.ssl.Handshaker$1.run(Handshaker.java:992) ~[na:1.8.0_171]
km-74bb9cbbdf-hgc67 kafka-manager at sun.security.ssl.Handshaker$1.run(Handshaker.java:989) ~[na:1.8.0_171]
km-74bb9cbbdf-hgc67 kafka-manager at java.security.AccessController.doPrivileged(Native Method) ~[na:1.8.0_171]
km-74bb9cbbdf-hgc67 kafka-manager Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
km-74bb9cbbdf-hgc67 kafka-manager at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397) ~[na:1.8.0_171]
km-74bb9cbbdf-hgc67 kafka-manager at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302) ~[na:1.8.0_171]
km-74bb9cbbdf-hgc67 kafka-manager at sun.security.validator.Validator.validate(Validator.java:260) ~[na:1.8.0_171]
km-74bb9cbbdf-hgc67 kafka-manager at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[na:1.8.0_171]
km-74bb9cbbdf-hgc67 kafka-manager at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281) ~[na:1.8.0_171]
km-74bb9cbbdf-hgc67 kafka-manager at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) ~[na:1.8.0_171]
km-74bb9cbbdf-hgc67 kafka-manager at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1601) ~[na:1.8.0_171]
km-74bb9cbbdf-hgc67 kafka-manager at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[na:1.8.0_171]
km-74bb9cbbdf-hgc67 kafka-manager at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052) ~[na:1.8.0_171]
km-74bb9cbbdf-hgc67 kafka-manager at sun.security.ssl.Handshaker$1.run(Handshaker.java:992) ~[na:1.8.0_171]
km-74bb9cbbdf-hgc67 kafka-manager Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
km-74bb9cbbdf-hgc67 kafka-manager at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141) ~[na:1.8.0_171]
km-74bb9cbbdf-hgc67 kafka-manager at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126) ~[na:1.8.0_171]
km-74bb9cbbdf-hgc67 kafka-manager at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280) ~[na:1.8.0_171]
km-74bb9cbbdf-hgc67 kafka-manager at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:392) ~[na:1.8.0_171]
km-74bb9cbbdf-hgc67 kafka-manager at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302) ~[na:1.8.0_171]
km-74bb9cbbdf-hgc67 kafka-manager at sun.security.validator.Validator.validate(Validator.java:260) ~[na:1.8.0_171]
km-74bb9cbbdf-hgc67 kafka-manager at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) ~[na:1.8.0_171]
km-74bb9cbbdf-hgc67 kafka-manager at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281) ~[na:1.8.0_171]
km-74bb9cbbdf-hgc67 kafka-manager at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) ~[na:1.8.0_171]
km-74bb9cbbdf-hgc67 kafka-manager at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1601) ~[na:1.8.0_171]
Issue Analytics
- State:
- Created 5 years ago
- Reactions:4
- Comments:5
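Added example, not part of the original issue or the kafka-manager project: a small triage script that reads a Java TLS stack trace such as the one above and reports which check failed. In that trace the innermost cause is a PKIX path building failure, which comes from certificate chain validation against the truststore, a check that ssl.endpoint.identification.algorithm (hostname verification) does not control. The sample traces and the names CAUSE, RULES, root_cause and classify are constructed for illustration.

```python
import re

# Matches "Caused by: <exception class>[: <message>]", with or without a pod/log prefix.
CAUSE = re.compile(r"Caused by: ([\w.$]+)(?:: (.*))?$")

# (category, pattern on the innermost cause, what to fix). Illustrative rules only.
RULES = [
    ("trust_chain", re.compile(r"PKIX path \w+ failed|valid certification path"),
     "Broker certificate does not chain to a CA in ssl.truststore.location; "
     "import the issuing CA. Hostname verification is not the failing check."),
    ("hostname", re.compile(r"No (subject alternative .*|name) matching .* found"),
     "Chain is trusted but SAN/CN does not match the broker address; "
     "reissue the certificate with the correct SAN entries."),
]

# Constructed sample, shaped like the trace in the issue (frames trimmed).
TRUST_TRACE = """\
km-0 kafka-manager org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed
km-0 kafka-manager Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
km-0 kafka-manager at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1529)
km-0 kafka-manager Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
km-0 kafka-manager Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
"""

# Constructed sample of a hostname mismatch, for contrast.
HOSTNAME_TRACE = """\
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
Caused by: java.security.cert.CertificateException: No subject alternative names matching IP address 10.0.0.5 found
"""

def root_cause(trace):
    """Return (exception class, message) of the innermost 'Caused by:' line, or None."""
    found = None
    for line in trace.splitlines():
        m = CAUSE.search(line)
        if m:
            found = (m.group(1), m.group(2) or "")
    return found

def classify(trace):
    """Map the innermost cause to (category, remediation hint)."""
    cause = root_cause(trace)
    if cause is None:
        return ("unknown", "No 'Caused by:' line found.")
    text = cause[0] + ": " + cause[1]
    for name, pattern, advice in RULES:
        if pattern.search(text):
            return (name, advice)
    return ("unknown", "Unrecognised root cause: " + text)

if __name__ == "__main__":
    print(classify(TRUST_TRACE))
```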
Top GitHub Comments
Did you go into the cluster config and change the security protocol to PLAINTEXT?
I have the same problem.