KAFKA-12228

Kafka won't start with PEM certificate

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Not A Bug
    • Affects Version/s: 2.7.0
    • Fix Version/s: None
    • Component/s: clients
    • Labels:
      None

      Description

      I found that Kafka 2.7.0 supports PEM certificates, and I decided to try setting up the broker with a DigiCert SSL certificate. I used the new options and did everything as in the example in KIP-651, but I get the error:

      [2021-01-20 17:54:55,787] ERROR [KafkaServer id=0] Fatal error during KafkaServer startup. Prepare to shutdown (kafka.server.KafkaServer)
      org.apache.kafka.common.config.ConfigException: Invalid value javax.net.ssl.SSLHandshakeException: no cipher suites in common for configuration A client SSLEngine created with the provided settings can't connect to a server SSLEngine created with those settings.
              at org.apache.kafka.common.security.ssl.SslFactory.configure(SslFactory.java:98)
              at org.apache.kafka.common.network.SslChannelBuilder.configure(SslChannelBuilder.java:72)
              at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:157)
              at org.apache.kafka.common.network.ChannelBuilders.serverChannelBuilder(ChannelBuilders.java:97)
              at kafka.network.Processor.<init>(SocketServer.scala:790)
              at kafka.network.SocketServer.newProcessor(SocketServer.scala:415)
              at kafka.network.SocketServer.$anonfun$addDataPlaneProcessors$1(SocketServer.scala:288)
              at kafka.network.SocketServer.addDataPlaneProcessors(SocketServer.scala:287)
              at kafka.network.SocketServer.$anonfun$createDataPlaneAcceptorsAndProcessors$1(SocketServer.scala:254)
              at kafka.network.SocketServer.$anonfun$createDataPlaneAcceptorsAndProcessors$1$adapted(SocketServer.scala:251)
              at scala.collection.IterableOnceOps.foreach(IterableOnce.scala:553)
              at scala.collection.IterableOnceOps.foreach$(IterableOnce.scala:551)
              at scala.collection.AbstractIterable.foreach(Iterable.scala:920)
              at kafka.network.SocketServer.createDataPlaneAcceptorsAndProcessors(SocketServer.scala:251)
              at kafka.network.SocketServer.startup(SocketServer.scala:125)
              at kafka.server.KafkaServer.startup(KafkaServer.scala:303)
              at kafka.server.KafkaServerStartable.startup(KafkaServerStartable.scala:44)
              at kafka.Kafka$.main(Kafka.scala:82)
              at kafka.Kafka.main(Kafka.scala)
      

      Java is used:

      openjdk version "1.8.0_272"
      OpenJDK Runtime Environment (build 1.8.0_272-b10)
      OpenJDK 64-Bit Server VM (build 25.272-b10, mixed mode)
      

      OS is CentOS 7.8.2003

      openssl x509 -in certificate.pem -text :

      Certificate:
          ...
          Signature Algorithm: ecdsa-with-SHA384
              ...
              Subject Public Key Info:
                  Public Key Algorithm: id-ecPublicKey
                      Public-Key: (256 bit)
      

      Log is attached.

        Attachments

        1. kafka.log
          56 kB
          Alexey Kashavkin

            People

            • Assignee:
              Unassigned
              Reporter:
              alexey.kashavkin Alexey Kashavkin