Kafka SSL handshake failed issue

蓝咒 submitted on 2020-12-05 07:08:42

Question


I am trying to enable SSL authentication on my Kafka server. I am following section 7.2 in the documentation below (link).

http://kafka.apache.org/documentation.html#security_ssl

I followed all the steps, but when calling the producer.bat file to send data into the topic I get the error below.

ERROR [Producer clientId=console-producer] Connection to node -1 failed authentication due to: SSL handshake failed (org.apache.kafka.clients.NetworkClient)

Caused by: java.security.cert.CertificateException: No name matching localhost found

I did create the certificate with CN=localhost.


Answer 1:


The server host name verification may be disabled by setting ssl.endpoint.identification.algorithm to an empty string on the client.




Answer 2:


Just set ssl.endpoint.identification.algorithm= It can help you.

I.e. with an empty value:

ssl.endpoint.identification.algorithm=



Answer 3:


Generally java.security.cert.CertificateException: No name matching localhost found means that the hostname in the certificate does not match the hostname of the server.

There is a great explanation of this error on the following thread.




Answer 4:


We encountered the following errors; this might be because of the upgrade of Kafka's version from 1.x to 2.x.

javax.net.ssl.SSLHandshakeException: General SSLEngine problem
...
javax.net.ssl.SSLHandshakeException: General SSLEngine problem
...
java.security.cert.CertificateException: No name matching *** found

or

[Producer clientId=producer-1] Connection to node -2 failed authentication due to: SSL handshake failed

The default value for ssl.endpoint.identification.algorithm was changed to https, which performs hostname verification (man-in-the-middle attacks are possible otherwise). Set ssl.endpoint.identification.algorithm to an empty string to restore the previous behaviour. Apache Kafka Notable changes in 2.0.0

Solution: SslConfigs.SSL_ENDPOINT_IDENTIFICATION_ALGORITHM_CONFIG, ""




Answer 5:


For me it was an issue with the input given for first name and last name in keytool.
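Added example (not part of any answer above, and not Kafka or JDK code): a small checker that shows why a certificate fails hostname verification, as Answers 3 and 5 describe, so the certificate can be fixed and verification left on. It applies simplified RFC 2818-style rules for DNS names only to the dict shape returned by Python's ssl.SSLSocket.getpeercert(); the function names and the sample certificates are constructed for illustration.

```python
# Added example: explain a hostname mismatch using simplified RFC 2818 rules.
# Input is the dict shape returned by ssl.SSLSocket.getpeercert().

def _name_match(pattern: str, host: str) -> bool:
    """Case-insensitive match; '*' is honoured only as the whole left-most label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if "*" not in p:
        return p == h
    p_first, _, p_rest = p.partition(".")
    h_first, _, h_rest = h.partition(".")
    return p_first == "*" and bool(h_first) and bool(p_rest) and p_rest == h_rest


def diagnose(cert: dict, host: str) -> str:
    """Return a string starting with 'ok', or the reason `host` is not identified."""
    dns_sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if dns_sans:
        # When DNS SAN entries exist, the subject CN is not consulted at all.
        if any(_name_match(s, host) for s in dns_sans):
            return "ok"
        return f"no DNS subjectAltName matches {host!r} (have {dns_sans})"
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    if any(_name_match(cn, host) for cn in cns):
        return "ok (CN fallback only; reissue with a DNS SAN)"
    return f"no name matching {host!r} (CN={cns}, no DNS SAN)"


# Constructed sample certificates, not taken from the page.
CN_IS_PERSON = {"subject": ((("commonName", "Jane Doe"),),)}  # keytool "first and last name"
CN_LOCALHOST = {"subject": ((("commonName", "localhost"),),)}
SAN_OTHER = {"subject": ((("commonName", "localhost"),),),
             "subjectAltName": (("DNS", "broker1.example.test"),)}
SAN_WILDCARD = {"subject": ((("commonName", "kafka"),),),
                "subjectAltName": (("DNS", "*.example.test"),)}

if __name__ == "__main__":
    cases = [(CN_IS_PERSON, "localhost"), (CN_LOCALHOST, "localhost"),
             (SAN_OTHER, "localhost"), (SAN_WILDCARD, "broker1.example.test")]
    for cert, host in cases:
        print(f"{host}: {diagnose(cert, host)}")
```

The host passed to the check should be the name the client actually connects to, that is, the name in bootstrap.servers or in the broker's advertised listeners.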



Source: https://stackoverflow.com/questions/53614443/kafka-ssl-handshake-failed-issue
