如何解决SSL + Kafka 异常:将 Bouncy 城堡生成的证书添加到 Java 密钥库后,无效值 javax.net.ssl.SSLHandshakeException
我在我的一个 .net 项目中使用 Bouncy Castle(BC) 和 RSA 算法,我使用 BC 创建了根证书 (root.crt),并且我还创建了由 root 签名的证书 (server.crt)。 crt 使用 BC。
使用 Keytool,我已将 server.crt 添加到密钥库 (server.keystore.jks) 并将 root.crt 添加到信任库 (server.truststore.jks)。请找到以下命令将这些证书推送到各自的商店。
将 Server.crt 导入 server.keystore.jks:
keytool -keystore server.keystore.jks -validity 365 -genkey -keyalg RSA -storetype pkcs12
keytool -keystore server.keystore.jks -import -file Server.crt
将 root.crt 导入 server.truststore.jks:
keytool -keystore server.truststore.jks -alias CARoot -import -file root.crt
现在,我指的是 kafka server.properties 文件中这 2 个存储的物理路径,如下所示
server.properties 文件:
ssl.keystore.location=C:\\kafka\\security\\server.keystore.jks
ssl.keystore.type=pkcs12
ssl.keystore.password=12345
ssl.key.password=12345
ssl.truststore.location=C:\\kafka\\security\\server.truststore.jks
ssl.truststore.type=JKS
ssl.truststore.password=12345
ssl.client.auth=required
security.inter.broker.protocol=SSL
ssl.endpoint.identification.algorithm=
当我尝试运行 kafka 服务器时,它因以下错误而关闭。任何人都可以帮我解决这个问题吗?
错误:
[2021-06-18 00:56:13,674] ERROR [KafkaServer id=0] Fatal error during KafkaServer startup. Prepare to shutdown (kafka.server.KafkaServer)
org.apache.kafka.common.KafkaException: org.apache.kafka.common.config.ConfigException: Invalid value javax.net.ssl.SSLHandshakeException: no cipher suites in common for configuration A client SSLEngine created with the provided settings can't connect to a server SSLEngine created with those settings.
at org.apache.kafka.common.network.SslChannelBuilder.configure(SslChannelBuilder.java:74)
at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:157)
at org.apache.kafka.common.network.ChannelBuilders.serverChannelBuilder(ChannelBuilders.java:97)
at kafka.network.Processor.<init>(SocketServer.scala:780)
at kafka.network.socketServer.newProcessor(SocketServer.scala:406)
at kafka.network.socketServer.$anonfun$addDataPlaneProcessors$1(SocketServer.scala:285)
at kafka.network.socketServer.addDataPlaneProcessors(SocketServer.scala:284)
at kafka.network.socketServer.$anonfun$createDataPlaneAcceptorsAndProcessors$1(SocketServer.scala:251)
at kafka.network.socketServer.$anonfun$createDataPlaneAcceptorsAndProcessors$1$adapted(SocketServer.scala:248)
at scala.collection.IterableOnceOps.foreach(IterableOnce.scala:553)
at scala.collection.IterableOnceOps.foreach$(IterableOnce.scala:551)
at scala.collection.AbstractIterable.foreach(Iterable.scala:920)
at kafka.network.socketServer.createDataPlaneAcceptorsAndProcessors(SocketServer.scala:248)
at kafka.network.socketServer.startup(SocketServer.scala:122)
at kafka.server.KafkaServer.startup(KafkaServer.scala:286)
at kafka.server.KafkaServerStartable.startup(KafkaServerStartable.scala:44)
at kafka.Kafka$.main(Kafka.scala:82)
at kafka.Kafka.main(Kafka.scala)
Caused by: org.apache.kafka.common.config.ConfigException: Invalid value javax.net.ssl.SSLHandshakeException: no cipher suites in common for configuration A client SSLEngine created with the provided settings can't connect to a server SSLEngine created with those settings.
at org.apache.kafka.common.security.ssl.SslFactory.configure(SslFactory.java:98)
at org.apache.kafka.common.network.SslChannelBuilder.configure(SslChannelBuilder.java:72)
... 17 more```
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。