【发布时间】:2018-05-27 02:14:17
【问题描述】:
我已经在同一个节点上完成了代理和客户端配置。
ssl.client.auth=none 工作正常,但每当我将该属性更改为“必需”、ssl.client.auth=required 并启用security.inter.broker.protocol=SSL 时,它都会给我带来生产者方面的问题。
[2017-12-13 11:06:56,106] WARN Failed to send SSL Close message (org.apache.kafka.common.network.SslTransportLayer)
java.io.IOException: Connection reset by peer
at sun.nio.ch.FileDispatcherImpl.write0(Native Method)
at sun.nio.ch.SocketDispatcher.write(SocketDispatcher.java:47)
at sun.nio.ch.IOUtil.writeFromNativeBuffer(IOUtil.java:93)
at sun.nio.ch.IOUtil.write(IOUtil.java:65)
at sun.nio.ch.SocketChannelImpl.write(SocketChannelImpl.java:471)
at org.apache.kafka.common.network.SslTransportLayer.flush(SslTransportLayer.java:194)
at org.apache.kafka.common.network.SslTransportLayer.close(SslTransportLayer.java:161)
at org.apache.kafka.common.network.KafkaChannel.close(KafkaChannel.java:45)
at org.apache.kafka.common.network.Selector.close(Selector.java:442)
at org.apache.kafka.common.network.Selector.poll(Selector.java:310)
at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:256)
at org.apache.kafka.clients.producer.internals.Sender.run(Sender.java:216)
at org.apache.kafka.clients.producer.internals.Sender.run(Sender.java:128)
at java.lang.Thread.run(Thread.java:745)
有什么解决办法吗?
【问题讨论】:
-
已解决。当服务器的签名证书与客户端密钥库不匹配时,会出现此问题。我们需要生成客户端密钥库并将服务器的签名证书导入客户端密钥库。
-
您能否更好地描述获取它的步骤?我在服务器和客户端中使用相同的密钥库并拥有
SSH Handshake failed,传递:-X security.protocol=ssl -X ssl.key.location=/certs/docker.kafka.server.keystore.pem -X ssl.key.password=apassword -X ssl.certificate.location=/certs/cert-signed -X ssl.ca.location=/certs/docker.kafka.server.keystore.pem
标签: ssl apache-kafka