我希望让SSL与Kafka一起运行,以使其更安全 . 我下载了Kafka并安装了它 . 我按照关于为SSL创建证书和信任库的说明没有问题 . 我在config / server.properties中添加了以下内容
ssl.enabled.protocols=TLSv1.2,TLSv1.1,TLSv1
ssl.keystore.type=JKS
ssl.truststore.type=JKS
listeners=PLAINTEXT://localhost:9092,SSL://localhost:9093
ssl.endpoint.identification.algorithm=HTTPS
security.inter.broker.protocol=SSL
ssl.secure.random.implementation=SHA1PRNG
ssl.endpoint.identification.algorithm=HTTPS
ssl.keystore.location=/home/ec2-user/workspace/kafka/cert/server.keystore.jks
ssl.key.password=<the password>
ssl.keystore.password=<the password>
ssl.truststore.location=/home/ec2-user/workspace/kafk/cert/server.truststore.jks
ssl.truststore.password=<the password>
启动Zookeeper后,当我启动kafak时出现此错误:[2017-12-07 16:02:52,155] ERROR [Controller id = 0,targetBrokerId = 0]由于以下原因,与节点0的连接验证失败:SSL握手失败( org.apache.kafka.clients.NetworkClient) . 我必须杀死任务才能阻止这条消息
看着 logs/controller.log :
[Controller-0-to-broker-0-send-thread]: Controller 0's connection to broker localhost:9093 (id: 0 rack: null) was unsuccessful (kafka.controller.RequestSendThread)
你必须在端口9093上打开防火墙吗?
谢谢
1 回答
握手失败通常意味着他们能够互相交谈但无法达成一致 .
您应该尝试在配置中没有
ssl.endpoint.identification.algorithm=HTTPS行 . 通常,证书检查中的主机名不匹配是导致此类内容的原因 .