servername .ĭepth=1 O = io.If you’ve encountered an error messaging saying “TSL Handshake Failed,” and you’re confused about what to do, you’re not alone. servername YOUR-KAFKA-CLUSTER-BOOTSTRAP-ADDRESS connect YOUR-KAFKA-CLUSTER-BOOTSTRAP-ADDRESS:PORT \ Step 1 – get a copy of the certificate that the Kafka cluster is presenting $ openssl s_client \ If all that is true, here is how you can quickly workaround this error. I’m assuming that this is just for development purposes, that you know it’s safe to trust the certificate that the Kafka cluster is presenting, and that you’d rather just workaround the error than ask the owner of the Kafka cluster for a copy of their CA. ERROR Error processing message, terminating consumer process: ($)Ĭaused by: : PKIX path building failed: .SunCertPathBuilderException: unable to find valid certification path to requested targetĪt java.base/.createSSLException(Alert.java:131)Īt java.base/.fatal(TransportContext.java:326)Īt java.base/.fatal(TransportContext.java:269)Īt java.base/.fatal(TransportContext.java:264)Īt java.base/$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1339)Īt java.base/$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1214)Īt java.base/$nsume(CertificateMessage.java:1157)Īt java.base/.consume(SSLHandshake.java:392)Īt java.base/.dispatch(HandshakeContext.java:444)Īt java.base/$DelegatedTask$n(SSLEngineImpl.java:1074)Īt java.base/$DelegatedTask$n(SSLEngineImpl.java:1061)Īt java.base/(AccessController.java:770)Īt java.base/$n(SSLEngineImpl.java:1008)Īt .(SslTransportLayer.java:430)Īt .(SslTransportLayer.java:514)Īt .(SslTransportLayer.java:368)Īt .(SslTransportLayer.java:291)Īt .(KafkaChannel.java:173)Īt .(Selector.java:543)Īt .(Selector.java:481)Īt .NetworkClient.poll(NetworkClient.java:561)Īt .(ConsumerNetworkClient.java:265)Īt .(ConsumerNetworkClient.java:236)Īt .(ConsumerNetworkClient.java:215)Īt .(AbstractCoordinator.java:244)Īt .(ConsumerCoordinator.java:480)Īt .(KafkaConsumer.java:1257)Īt .(KafkaConsumer.java:1226)Īt .(KafkaConsumer.java:1206)Īt $ConsumerWrapper.receive(ConsoleConsumer.scala:444)Īt $.process(ConsoleConsumer.scala:103)Īt $.run(ConsoleConsumer.scala:77)Īt $.main(ConsoleConsumer.scala:54)Īt (ConsoleConsumer.scala)Ĭaused by: : PKIX path building failed: .SunCertPathBuilderException: unable to find valid certification path to requested targetĪt java.base/.doBuild(PKIXValidator.java:439)Īt java.base/.engineValidate(PKIXValidator.java:306)Īt java.base/.validate(Validator.java:264)Īt java.base/509TrustManagerImpl.validate(X509TrustManagerImpl.java:313)Īt java.base/509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:276)Īt java.base/509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:141)Īt java.base/$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1317)Ĭaused by: .SunCertPathBuilderException: unable to find valid certification path to requested targetĪt java.base/.SunCertPathBuilder.build(SunCertPathBuilder.java:141)Īt java.base/.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)Īt java.base/.build(CertPathBuilder.java:297)Īt java.base/.doBuild(PKIXValidator.java:434) WARN Bootstrap broker .:443 (id: -1 rack: null) disconnected (.NetworkClient) ERROR Connection to node -1 (./9.46.199.58:443) failed authentication due to: SSL handshake failed (.NetworkClient) consumer-property '=. required username="dale-user" password="pSRtfwTMKNlz" ' consumer-property 'chanism=SCRAM-SHA-512' \ consumer-property 'security.protocol=SASL_SSL' \ : PKIX path building failed: .SunCertPathBuilderException: unable to find valid certification path to requested target.įor example: $. errors.SslAuthenticationException: SSL handshake failed You don’t have a copy of that CA certificate, and (because it’s not signed by a well-known CA) your Kafka client is failing because of SSL handshake errors. You’re trying to connect a Kafka client to a development Apache Kafka cluster which has been quickly set up using a self-signed CA certificate.
0 kommentar(er)
