I am trying to setup a Kafka broker with SSL support but when I try to put a message on the topic, it goes on Timeout. Here the steps I followed:
openssl req -new -newkey rsa:4096 -days 365 -x509 -subj "/CN=Kafka-Security-CA" -keyout ca-key -out ca-cert -nodes keytool -genkey -keystore kafka.server.keystore.jks -validity 365 -storepass xxx-keypass xxx -dname "CN=kafka_broker.net" -storetype pkcs12 keytool -keystore kafka.server.keystore.jks -certreq -file cert-file -storepass xxx -keypass xxx openssl x509 -req -CA ca-cert -CAkey ca-key -in cert-file -out cert-signed -days 365 -CAcreateserial -passin pass:xxx keytool -keystore kafka.server.truststore.jks -alias CARoot -import -file ca-cert -storepass xxx -keypass xxx -noprompt keytool -keystore kafka.server.keystore.jks -import -file cert-signed -storepass xxx -keypass xxx -noprompt keytool -keystore kafka.client.truststore.jks -alias CARoot -import -file ca-cert -storepass xxx -keypass xxx -noprompt I know that the connection over SSL failed beacause when I do:
/kafka_2.11-1.1.0/bin/kafka-console-producer.sh --broker-list kafka_broker:9092 --topic test --producer.config client.properties >ewqeq [2018-07-04 14:53:18,022] ERROR Error when sending message to topic test with key: null, value: 5 bytes with error: (org.apache.kafka.clients.producer.internals.ErrorLoggingCallback) org.apache.kafka.common.errors.TimeoutException: Failed to update metadata after 60000 ms. where client.properties is a config file and its content is:
security.protocol=SSL ssl.truststore.location=./kafka.server.truststore.jks ssl.truststore.password=xxx I tried many times but nothing is working. The client where I am trying to connect is in a docker container and also is kafka. They are under the same network and the kafka hostname is kafka_broker that I supplied also to the CN during the keystore creation.
