Kafka ssl Nifi

VLban — Thu, 20 Apr 2023 12:53:10 GMT

ConsumerKafka2.6 I connect to kafka using ssl I added a keystore and a triac from kafka servera I placed the same ones on the nifi server but in the nifi logs I get this error.

ConsumeKafka_2_6[id=9da42b1a-0187-1000-ffff-ffffb41254ef] Exception while interacting with Kafka so will close the lease org.apache.nifi.processors.kafka.pubsub.ConsumerPool$SimpleConsumerLease@62e55d3b due to SSL handshake failed: org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed
- Caused by: javax.net.ssl.SSLHandshakeException: No subject alternative names matching IP address

my settings StandardSSLContextService

Keystore Filename/var/ssl/nifi/kafka_broker.keystore.jks

Keystore PasswordSensitive value set

Key PasswordSensitive value set

Keystore TypeJKS

Truststore Filename /var/ssl/nifi/kafka_broker.truststore.jks

Truststore PasswordSensitive value set

Truststore TypeJKS

TLS ProtocolTLS
 
My settings consumerKafka2.6
Security Protocol SSL
SASL Mechanism SCRAM-SHA-512

Username admin

Password Sensitive value set

SSL Context ServiceStandardSSLContextService
 
Help me

Re: Kafka ssl Nifi

VLban — Thu, 20 Apr 2023 13:57:16 GMT

2023-04-20 16:51:55,924 ERROR [Timer-Driven Process Thread-10] o.a.n.p.kafka.pubsub.ConsumeKafka_2_6 [ConsumeKafka_2_6[id=9da42b1a-0187-1000-ffff-ffffb41254ef], org.apache.nifi.processors.kafka.pubsub.ConsumerPool$SimpleConsumerLease@475bfba5, org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed] Exception while interacting with Kafka so will close the lease {} due to {}

org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed

Caused by: javax.net.ssl.SSLHandshakeException: No subject alternative names matching IP address 10.1 found

at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)

at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:353)

at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:296)

at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:291)

at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357)

at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232)

at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175)

at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)

at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443)

at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1076)

at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1063)

at java.base/java.security.AccessController.doPrivileged(Native Method)

at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1010)

at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:430)

at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:514)

at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:368)

at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:291)

at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:173)

at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:547)

at org.apache.kafka.common.network.Selector.poll(Selector.java:485)

at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:547)

at org.apache.kafka.clients.consumer.internals.ConsumerNetworkClient.poll(ConsumerNetworkClient.java:265)

at org.apache.kafka.clients.consumer.internals.ConsumerNetworkClient.poll(ConsumerNetworkClient.java:236)

at org.apache.kafka.clients.consumer.internals.ConsumerNetworkClient.poll(ConsumerNetworkClient.java:215)

at org.apache.kafka.clients.consumer.internals.AbstractCoordinator.ensureCoordinatorReady(AbstractCoordinator.java:245)

at org.apache.kafka.clients.consumer.internals.ConsumerCoordinator.poll(ConsumerCoordinator.java:480)

at org.apache.kafka.clients.consumer.KafkaConsumer.updateAssignmentMetadataIfNeeded(KafkaConsumer.java:1261)

at org.apache.kafka.clients.consumer.KafkaConsumer.poll(KafkaConsumer.java:1230)

at org.apache.kafka.clients.consumer.KafkaConsumer.poll(KafkaConsumer.java:1210)

at org.apache.nifi.processors.kafka.pubsub.ConsumerLease.poll(ConsumerLease.java:220)

at org.apache.nifi.processors.kafka.pubsub.ConsumeKafka_2_6.onTrigger(ConsumeKafka_2_6.java:479)

at org.apache.nifi.processor.AbstractProcessor.onTrigger(AbstractProcessor.java:27)

at org.apache.nifi.controller.StandardProcessorNode.onTrigger(StandardProcessorNode.java:1357)

at org.apache.nifi.controller.tasks.ConnectableTask.invoke(ConnectableTask.java:246)

at org.apache.nifi.controller.scheduling.TimerDrivenSchedulingAgent$1.run(TimerDrivenSchedulingAgent.java:102)

at org.apache.nifi.engine.FlowEngine$2.run(FlowEngine.java:110)

at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)

at java.base/java.util.concurrent.FutureTask.runAndReset(FutureTask.java:305)

at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:305)

at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)

at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)

at java.base/java.lang.Thread.run(Thread.java:829)

Caused by: java.security.cert.CertificateException: No subject alternative names matching IP address 10.1 found

at java.base/sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:165)

at java.base/sun.security.util.HostnameChecker.match(HostnameChecker.java:101)

at java.base/sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)

at java.base/sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:429)

at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:283)

at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:141)

at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335)

... 37 common frames omitted

Re: Kafka ssl Nifi

VLban — Thu, 20 Apr 2023 14:31:15 GMT

the issue was resolved the problem was in the settings of the version of the tls protocol

question Re: Kafka ssl Nifi in Support Questions

Kafka ssl Nifi

Re: Kafka ssl Nifi

Re: Kafka ssl Nifi