English 中文(简体)
如何处理org.apache.kafka.common.errors.SslAuthentication 例外情况:SSL举手失败
原标题:How to handle org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed

我有卡夫卡客户参加这一配置:

spring:
  cloud:
    config:
      enabled: false
    stream:
      kafka:
        binder:
          brokers: localhost:9092
          zkNodes: localhost:2181
          configuration:
            security:
              protocol: SASL_SSL
            sasl:
              mechanism: SCRAM-SHA-256
              kerberos:
                 service:
                    name: "kafka"
              jaas:
                config: org.apache.kafka.common.security.scram.ScramLoginModule required username="user" password="sepultura1";
              
      bindings:
        kafkaDemoTopic:
          destination: kafka_demo_topic

当我试图提出申请时,它就没有这一例外:

org.springframework.cloud.stream.provisioning.ProvisioningException: Provisioning exception encountered for kafka_demo_topic
    at org.springframework.cloud.stream.binder.kafka.provisioning.KafkaTopicProvisioner.createTopic(KafkaTopicProvisioner.java:377) ~[spring-cloud-stream-binder-kafka-core-4.1.0.jar:4.1.0]
    at org.springframework.cloud.stream.binder.kafka.provisioning.KafkaTopicProvisioner.provisionProducerDestination(KafkaTopicProvisioner.java:197) ~[spring-cloud-stream-binder-kafka-core-4.1.0.jar:4.1.0]
    at org.springframework.cloud.stream.binder.kafka.provisioning.KafkaTopicProvisioner.provisionProducerDestination(KafkaTopicProvisioner.java:96) ~[spring-cloud-stream-binder-kafka-core-4.1.0.jar:4.1.0]
    at org.springframework.cloud.stream.binder.AbstractMessageChannelBinder.doBindProducer(AbstractMessageChannelBinder.java:297) ~[spring-cloud-stream-4.1.0.jar:4.1.0]
    at org.springframework.cloud.stream.binder.AbstractMessageChannelBinder.doBindProducer(AbstractMessageChannelBinder.java:102) ~[spring-cloud-stream-4.1.0.jar:4.1.0]
    at org.springframework.cloud.stream.binder.AbstractBinder.bindProducer(AbstractBinder.java:153) ~[spring-cloud-stream-4.1.0.jar:4.1.0]
    at org.springframework.cloud.stream.binding.BindingService.doBindProducer(BindingService.java:353) ~[spring-cloud-stream-4.1.0.jar:4.1.0]
    at org.springframework.cloud.stream.binding.BindingService.bindProducer(BindingService.java:294) ~[spring-cloud-stream-4.1.0.jar:4.1.0]
    at org.springframework.cloud.stream.function.StreamBridge.resolveDestination(StreamBridge.java:272) ~[spring-cloud-stream-4.1.0.jar:4.1.0]
    at org.springframework.cloud.stream.function.StreamBridge.send(StreamBridge.java:168) ~[spring-cloud-stream-4.1.0.jar:4.1.0]
    at org.springframework.cloud.stream.function.StreamBridge.send(StreamBridge.java:147) ~[spring-cloud-stream-4.1.0.jar:4.1.0]
    at org.springframework.cloud.stream.function.StreamBridge.send(StreamBridge.java:142) ~[spring-cloud-stream-4.1.0.jar:4.1.0]
    at org.heller.kafka.demo.producer.KafkaProducer.scheduleFixedRateTask(KafkaProducer.java:32) ~[classes/:na]
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) ~[na:na]
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
    at java.base/java.lang.reflect.Method.invoke(Method.java:568) ~[na:na]
    at org.springframework.scheduling.support.ScheduledMethodRunnable.runInternal(ScheduledMethodRunnable.java:130) ~[spring-context-6.1.1.jar:6.1.1]
    at org.springframework.scheduling.support.ScheduledMethodRunnable.lambda$run$2(ScheduledMethodRunnable.java:124) ~[spring-context-6.1.1.jar:6.1.1]
    at io.micrometer.observation.Observation.observe(Observation.java:499) ~[micrometer-observation-1.12.0.jar:1.12.0]
    at org.springframework.scheduling.support.ScheduledMethodRunnable.run(ScheduledMethodRunnable.java:124) ~[spring-context-6.1.1.jar:6.1.1]
    at org.springframework.scheduling.support.DelegatingErrorHandlingRunnable.run(DelegatingErrorHandlingRunnable.java:54) ~[spring-context-6.1.1.jar:6.1.1]
    at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539) ~[na:na]
    at java.base/java.util.concurrent.FutureTask.runAndReset(FutureTask.java:305) ~[na:na]
    at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:305) ~[na:na]
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) ~[na:na]
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) ~[na:na]
    at java.base/java.lang.Thread.run(Thread.java:833) ~[na:na]
Caused by: java.util.concurrent.ExecutionException: org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed
    at java.base/java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:396) ~[na:na]
    at java.base/java.util.concurrent.CompletableFuture.get(CompletableFuture.java:2096) ~[na:na]
    at org.apache.kafka.common.internals.KafkaFutureImpl.get(KafkaFutureImpl.java:180) ~[kafka-clients-3.6.0.jar:na]
    at org.springframework.cloud.stream.binder.kafka.provisioning.KafkaTopicProvisioner.createTopicAndPartitions(KafkaTopicProvisioner.java:413) ~[spring-cloud-stream-binder-kafka-core-4.1.0.jar:4.1.0]
    at org.springframework.cloud.stream.binder.kafka.provisioning.KafkaTopicProvisioner.createTopicIfNecessary(KafkaTopicProvisioner.java:387) ~[spring-cloud-stream-binder-kafka-core-4.1.0.jar:4.1.0]
    at org.springframework.cloud.stream.binder.kafka.provisioning.KafkaTopicProvisioner.createTopic(KafkaTopicProvisioner.java:364) ~[spring-cloud-stream-binder-kafka-core-4.1.0.jar:4.1.0]
    ... 27 common frames omitted
Caused by: org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[na:na]
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:378) ~[na:na]
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321) ~[na:na]
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:316) ~[na:na]
    at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[na:na]
    at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[na:na]
    at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[na:na]
    at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[na:na]
    at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[na:na]
    at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[na:na]
    at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[na:na]
    at java.base/java.security.AccessController.doPrivileged(AccessController.java:712) ~[na:na]
    at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[na:na]
    at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[kafka-clients-3.6.0.jar:na]
    at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[kafka-clients-3.6.0.jar:na]
    at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[kafka-clients-3.6.0.jar:na]
    at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[kafka-clients-3.6.0.jar:na]
    at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[kafka-clients-3.6.0.jar:na]
    at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[kafka-clients-3.6.0.jar:na]
    at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[kafka-clients-3.6.0.jar:na]
    at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:571) ~[kafka-clients-3.6.0.jar:na]
    at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1381) ~[kafka-clients-3.6.0.jar:na]
    at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1312) ~[kafka-clients-3.6.0.jar:na]
    at java.base/java.lang.Thread.run(Thread.java:833) ~[na:na]
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[na:na]
    at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[na:na]
    at java.base/sun.security.validator.Validator.validate(Validator.java:264) ~[na:na]
    at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[na:na]
    at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[na:na]
    at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[na:na]
    ... 19 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:146) ~[na:na]
    at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:127) ~[na:na]
    at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[na:na]
    at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[na:na]
    ... 24 common frames omitted

我已将证书进口到陶瓷关键仓库。 谁能给我一个如何处理这一例外的问题? 咖啡店的证书似乎无效。 我无法从洞察着如何处理。 谢谢。

我领导这一指令,以生成+自签证书:

openssl req -new -x509 -days 365 -keyout ca.key -out ca.crt -subj "/C=PL/L=Warsaw/CN=localhost" -passout pass:sepultura1

keytool -genkey -keystore server.keystore -alias localhost -dname CN=localhost -keyalg RSA -validity 365 -ext san=dns:localhost -storepass sepultura1

 keytool -certreq -keystore server.keystore -alias localhost -file server.unsigned.crt -storepass sepultura1

openssl x509 -req -CA ca.crt -CAkey ca.key -in server.unsigned.crt -out server.crt -days 365 -CAcreateserial -passin pass:sepultura1


keytool -import -file ca.crt -keystore server.keystore -alias ca -storepass sepultura1 -noprompt

keytool -import -file server.crt -keystore server.keystore -alias localhost -storepass sepultura1 -noprompt

keytool -import -file ca.crt -keystore client.truststore -alias ca -storepass sepultura1 -noprompt

keytool -import -file server.crt -keystore client.truststore -alias localhost -storepass sepultura1 -noprompt

keytool -import -file server.crt -keystore C:appsjdk17libsecuritycacerts -alias localhost -storepass changeit -noprompt

keytool -import -file ca.crt -keystore C:appsjdk17libsecuritycacerts -alias ca -storepass changeit -noprompt

但仍有这一例外:

org.springframework.cloud.stream.provisioning.ProvisioningException: Provisioning exception encountered for kafka_demo_topic
    at org.springframework.cloud.stream.binder.kafka.provisioning.KafkaTopicProvisioner.createTopic(KafkaTopicProvisioner.java:377) ~[spring-cloud-stream-binder-kafka-core-4.1.0.jar:4.1.0]
    at org.springframework.cloud.stream.binder.kafka.provisioning.KafkaTopicProvisioner.provisionProducerDestination(KafkaTopicProvisioner.java:197) ~[spring-cloud-stream-binder-kafka-core-4.1.0.jar:4.1.0]
    at org.springframework.cloud.stream.binder.kafka.provisioning.KafkaTopicProvisioner.provisionProducerDestination(KafkaTopicProvisioner.java:96) ~[spring-cloud-stream-binder-kafka-core-4.1.0.jar:4.1.0]
    at org.springframework.cloud.stream.binder.AbstractMessageChannelBinder.doBindProducer(AbstractMessageChannelBinder.java:297) ~[spring-cloud-stream-4.1.0.jar:4.1.0]
    at org.springframework.cloud.stream.binder.AbstractMessageChannelBinder.doBindProducer(AbstractMessageChannelBinder.java:102) ~[spring-cloud-stream-4.1.0.jar:4.1.0]
    at org.springframework.cloud.stream.binder.AbstractBinder.bindProducer(AbstractBinder.java:153) ~[spring-cloud-stream-4.1.0.jar:4.1.0]
    at org.springframework.cloud.stream.binding.BindingService.doBindProducer(BindingService.java:353) ~[spring-cloud-stream-4.1.0.jar:4.1.0]
    at org.springframework.cloud.stream.binding.BindingService.bindProducer(BindingService.java:294) ~[spring-cloud-stream-4.1.0.jar:4.1.0]
    at org.springframework.cloud.stream.function.StreamBridge.resolveDestination(StreamBridge.java:272) ~[spring-cloud-stream-4.1.0.jar:4.1.0]
    at org.springframework.cloud.stream.function.StreamBridge.send(StreamBridge.java:168) ~[spring-cloud-stream-4.1.0.jar:4.1.0]
    at org.springframework.cloud.stream.function.StreamBridge.send(StreamBridge.java:147) ~[spring-cloud-stream-4.1.0.jar:4.1.0]
    at org.springframework.cloud.stream.function.StreamBridge.send(StreamBridge.java:142) ~[spring-cloud-stream-4.1.0.jar:4.1.0]
    at org.heller.kafka.demo.producer.KafkaProducer.scheduleFixedRateTask(KafkaProducer.java:32) ~[classes/:na]
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) ~[na:na]
    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
    at java.base/java.lang.reflect.Method.invoke(Method.java:568) ~[na:na]
    at org.springframework.scheduling.support.ScheduledMethodRunnable.runInternal(ScheduledMethodRunnable.java:130) ~[spring-context-6.1.1.jar:6.1.1]
    at org.springframework.scheduling.support.ScheduledMethodRunnable.lambda$run$2(ScheduledMethodRunnable.java:124) ~[spring-context-6.1.1.jar:6.1.1]
    at io.micrometer.observation.Observation.observe(Observation.java:499) ~[micrometer-observation-1.12.0.jar:1.12.0]
    at org.springframework.scheduling.support.ScheduledMethodRunnable.run(ScheduledMethodRunnable.java:124) ~[spring-context-6.1.1.jar:6.1.1]
    at org.springframework.scheduling.support.DelegatingErrorHandlingRunnable.run(DelegatingErrorHandlingRunnable.java:54) ~[spring-context-6.1.1.jar:6.1.1]
    at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539) ~[na:na]
    at java.base/java.util.concurrent.FutureTask.runAndReset(FutureTask.java:305) ~[na:na]
    at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:305) ~[na:na]
    at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) ~[na:na]
    at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) ~[na:na]
    at java.base/java.lang.Thread.run(Thread.java:833) ~[na:na]
Caused by: java.util.concurrent.ExecutionException: org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed
    at java.base/java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:396) ~[na:na]
    at java.base/java.util.concurrent.CompletableFuture.get(CompletableFuture.java:2096) ~[na:na]
    at org.apache.kafka.common.internals.KafkaFutureImpl.get(KafkaFutureImpl.java:180) ~[kafka-clients-3.6.0.jar:na]
    at org.springframework.cloud.stream.binder.kafka.provisioning.KafkaTopicProvisioner.createTopicAndPartitions(KafkaTopicProvisioner.java:413) ~[spring-cloud-stream-binder-kafka-core-4.1.0.jar:4.1.0]
    at org.springframework.cloud.stream.binder.kafka.provisioning.KafkaTopicProvisioner.createTopicIfNecessary(KafkaTopicProvisioner.java:387) ~[spring-cloud-stream-binder-kafka-core-4.1.0.jar:4.1.0]
    at org.springframework.cloud.stream.binder.kafka.provisioning.KafkaTopicProvisioner.createTopic(KafkaTopicProvisioner.java:364) ~[spring-cloud-stream-binder-kafka-core-4.1.0.jar:4.1.0]
    ... 27 common frames omitted
Caused by: org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[na:na]
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:378) ~[na:na]
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321) ~[na:na]
    at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:316) ~[na:na]
    at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[na:na]
    at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[na:na]
    at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[na:na]
    at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[na:na]
    at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[na:na]
    at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[na:na]
    at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[na:na]
    at java.base/java.security.AccessController.doPrivileged(AccessController.java:712) ~[na:na]
    at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[na:na]
    at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[kafka-clients-3.6.0.jar:na]
    at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[kafka-clients-3.6.0.jar:na]
    at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[kafka-clients-3.6.0.jar:na]
    at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[kafka-clients-3.6.0.jar:na]
    at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[kafka-clients-3.6.0.jar:na]
    at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[kafka-clients-3.6.0.jar:na]
    at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[kafka-clients-3.6.0.jar:na]
    at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:571) ~[kafka-clients-3.6.0.jar:na]
    at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1381) ~[kafka-clients-3.6.0.jar:na]
    at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1312) ~[kafka-clients-3.6.0.jar:na]
    at java.base/java.lang.Thread.run(Thread.java:833) ~[na:na]
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[na:na]
    at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[na:na]
    at java.base/sun.security.validator.Validator.validate(Validator.java:264) ~[na:na]
    at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[na:na]
    at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[na:na]
    at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[na:na]
    ... 19 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:146) ~[na:na]
    at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:127) ~[na:na]
    at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[na:na]
    at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[na:na]
    ... 24 common frames omitted
最佳回答

我以这种方式颁发证明:

openssl req -new -x509 -keyout C:appscertsca-key -out C:appscertsca-cert  -days 999
  
keytool -keystore C:appscertskafka.truststore.jks  -alias CARoot -import -file ca-cert

keytool -keystore kafka.keystore.jks -alias localhost -validity 9999 -genkey -keyalg RSA

keytool -keystore kafka.keystore.jks -alias localhost -certreq -file cert-file

openssl x509 -req -CA ca-cert -CAkey ca-key -in cert-file -out cert-signed  -days 9999 -CAcreateserial

keytool -keystore kafka.keystore.jks -alias CARoot -import -file ca-cert

keytool -keystore kafka.keystore.jks -alias localhost -import -file cert-signed

keytool -keystore kafka.truststore.jks  -alias CARoot -import -file ca-cert

keytool -keystore C:appsjdk17libsecuritycacerts -alias CARoot -import -file ca-cert

keytool -keystore C:appsjdk17libsecuritycacerts -alias localhost -import -file cert-signed
  1. check if project in Eclipse point to correct jvm. I have bad path with Eclipse default jvm. When I point to right location, it runs.
时间:2024-01-06 16:04:43
问题回答

我已将证书进口到陶瓷关键仓库。

因此,我将承担 Java天环境(JRE)违约信托店,该仓库通常位于<JAVA_HOME>/lib/security/cacerts

我还将通过“证书”获取>> 托拉斯证书——验证你的卡夫卡经纪人使用的证明。 由于这些证书不是加在一起,这只能意味着你的经纪人使用自签证书。

如果你正在使用 default陶瓷钥匙,并且位于标准地点(<JAVA_HOME>/lib/security/cacerts),则通常不需要使用。 Kafka Binder Estate。 Kafka Binder应当像现在这样使用违约信托机构。

Check first if your Spring Boot project does not already include an SSL configuration in your Kafka client.
It could overwrite the default cacerts (where you imported your certificates, CAs or self-signed).

Within your Spring Boot project, look for application.yml or application.properties. That file is usually found in the src/main/resources directory. If you have environment-specific configuration files, they may be named like application-dev.yml, application-prod.yml, etc. Depending on whether you are using YAML (application.yml) or properties format (application.properties), the configuration will differ slightly.

For application.yml, the Kafka SSL configuration would look like this:

spring:
   kafka:
      producer:
      bootstrap-servers: localhost:9092
      key-serializer: org.apache.kafka.common.serialization.StringSerializer
      value-serializer: org.apache.kafka.common.serialization.StringSerializer
      ssl:
         truststore:
            location: /path/to/your/truststore.jks
            password: truststorepassword
            alias: my-kafka-broker

关于<编码>应用。

spring.kafka.producer.bootstrap-servers=localhost:9092
spring.kafka.producer.key-serializer=org.apache.kafka.common.serialization.StringSerializer
spring.kafka.producer.value-serializer=org.apache.kafka.common.serialization.StringSerializer
spring.kafka.producer.ssl.truststore.location=/path/to/your/truststore.jks
spring.kafka.producer.ssl.truststore.password=truststorepassword
spring.kafka.producer.ssl.truststore.alias=my-kafka-broker
# or
spring.cloud.stream.kafka.binder.certificateStoreDirectory=/path/to/your/truststore.jks

但 如果您的配置中不存在任何特殊语言环境,那么你可以检查<条码>。 关键仓库:

keytool -list -v -keystore <JAVA_HOME>/lib/security/cacerts -storepass changeit

寻找与你的卡夫卡经纪人身份相符的物品或主题。 主题通常包括可能为经纪人签名的CN(共同名称)。

第一步是检查include a CA

• 检查贵卡夫卡经纪人使用的证书,包括:

# Save the certificate
echo -n | openssl s_client -connect kafka-broker-host:kafka-broker-port -showcerts | sed -ne  /-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p  > kafka-broker-cert.pem

# Check if the certificate is self-signed
openssl verify -CAfile kafka-broker-cert.pem kafka-broker-cert.pem

If the certificate is self-signed, openssl verify will return a result like kafka-broker-cert.pem: OK.
That means the certificate itself should be imported into the cacerts truststore.

时间:2024-01-01 00:01:22


上一篇:
下一篇:


相关问题
Kafka stream for processing event which takes long time

I have a Spring Boot Kafka Stream application that reads the records do some HTTP calls and transform the record into another form. This transform record is then sent to the producer. final KStream<...

时间:2023-05-27 02:56:43 回答:0 展示:1
热门标签

友情链接

Allggapp Alljchome-教程家园 mvfinale.com-影视剧情大结局大全