Kafka ssl Nifi


With ConsumeKafka_2_6 I connect to Kafka using SSL. I added a keystore and a truststore from the Kafka server and placed the same ones on the NiFi server, but in the NiFi logs I get this error.

ConsumeKafka_2_6[id=9da42b1a-0187-1000-ffff-ffffb41254ef] Exception while interacting with Kafka so will close the lease org.apache.nifi.processors.kafka.pubsub.ConsumerPool$SimpleConsumerLease@62e55d3b due to SSL handshake failed: org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed
- Caused by: javax.net.ssl.SSLHandshakeException: No subject alternative names matching IP address 
My settings, StandardSSLContextService:
Keystore Filename: /var/ssl/nifi/kafka_broker.keystore.jks
Keystore Password: Sensitive value set
Key Password: Sensitive value set
Keystore Type: JKS
Truststore Filename: /var/ssl/nifi/kafka_broker.truststore.jks
Truststore Password: Sensitive value set
Truststore Type: JKS
TLS Protocol: TLS

My settings, ConsumeKafka_2_6:
Security Protocol: SSL
SASL Mechanism: SCRAM-SHA-512
Username: admin
Password: Sensitive value set
SSL Context Service: StandardSSLContextService

Help me
1 ACCEPTED SOLUTION


The issue was resolved. The problem was in the settings of the version of the TLS protocol.

2 REPLIES 2

2023-04-20 16:51:55,924 ERROR [Timer-Driven Process Thread-10] o.a.n.p.kafka.pubsub.ConsumeKafka_2_6 [ConsumeKafka_2_6[id=9da42b1a-0187-1000-ffff-ffffb41254ef], org.apache.nifi.processors.kafka.pubsub.ConsumerPool$SimpleConsumerLease@475bfba5, org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed] Exception while interacting with Kafka so will close the lease {} due to {}
org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed
Caused by: javax.net.ssl.SSLHandshakeException: No subject alternative names matching IP address 10.1 found
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:353)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:296)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:291)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:443)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1076)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1063)
at java.base/java.security.AccessController.doPrivileged(Native Method)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1010)
at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:430)
at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:514)
at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:368)
at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:291)
at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:173)
at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:547)
at org.apache.kafka.common.network.Selector.poll(Selector.java:485)
at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:547)
at org.apache.kafka.clients.consumer.internals.ConsumerNetworkClient.poll(ConsumerNetworkClient.java:265)
at org.apache.kafka.clients.consumer.internals.ConsumerNetworkClient.poll(ConsumerNetworkClient.java:236)
at org.apache.kafka.clients.consumer.internals.ConsumerNetworkClient.poll(ConsumerNetworkClient.java:215)
at org.apache.kafka.clients.consumer.internals.AbstractCoordinator.ensureCoordinatorReady(AbstractCoordinator.java:245)
at org.apache.kafka.clients.consumer.internals.ConsumerCoordinator.poll(ConsumerCoordinator.java:480)
at org.apache.kafka.clients.consumer.KafkaConsumer.updateAssignmentMetadataIfNeeded(KafkaConsumer.java:1261)
at org.apache.kafka.clients.consumer.KafkaConsumer.poll(KafkaConsumer.java:1230)
at org.apache.kafka.clients.consumer.KafkaConsumer.poll(KafkaConsumer.java:1210)
at org.apache.nifi.processors.kafka.pubsub.ConsumerLease.poll(ConsumerLease.java:220)
at org.apache.nifi.processors.kafka.pubsub.ConsumeKafka_2_6.onTrigger(ConsumeKafka_2_6.java:479)
at org.apache.nifi.processor.AbstractProcessor.onTrigger(AbstractProcessor.java:27)
at org.apache.nifi.controller.StandardProcessorNode.onTrigger(StandardProcessorNode.java:1357)
at org.apache.nifi.controller.tasks.ConnectableTask.invoke(ConnectableTask.java:246)
at org.apache.nifi.controller.scheduling.TimerDrivenSchedulingAgent$1.run(TimerDrivenSchedulingAgent.java:102)
at org.apache.nifi.engine.FlowEngine$2.run(FlowEngine.java:110)
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:515)
at java.base/java.util.concurrent.FutureTask.runAndReset(FutureTask.java:305)
at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:305)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628)
at java.base/java.lang.Thread.run(Thread.java:829)
Caused by: java.security.cert.CertificateException: No subject alternative names matching IP address 10.1 found
at java.base/sun.security.util.HostnameChecker.matchIP(HostnameChecker.java:165)
at java.base/sun.security.util.HostnameChecker.match(HostnameChecker.java:101)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:455)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:429)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:283)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:141)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335)
... 37 common frames omitted
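
The check behind the `No subject alternative names matching IP address` error in the stack trace above, as an added example that is not part of the original thread or of NiFi/Kafka code: when a TLS client connects to an IP address, only iPAddress SAN entries of the server certificate are considered, never dNSName entries. The certificate dictionaries (in the format returned by Python's `ssl.SSLSocket.getpeercert()`), host names and addresses are constructed, and the wildcard rule is a simplification.

```python
import ipaddress

# Constructed sample certificates (not taken from the thread).
BROKER_CERT_DNS_ONLY = {"subjectAltName": (
    ("DNS", "kafka-1.example.internal"),
    ("DNS", "*.kafka.example.internal"),
)}
BROKER_CERT_WITH_IP = {"subjectAltName": (
    ("DNS", "kafka-1.example.internal"),
    ("IP Address", "192.0.2.10"),
)}

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def _dns_match(pattern, host):
    """Match one dNSName entry; '*' may replace the whole leftmost label only."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Simplified rule: require at least two fixed labels after the wildcard.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def san_covers(cert, target):
    """Return (ok, reason) for a bootstrap address checked against the SANs."""
    sans = cert.get("subjectAltName", ())
    if _is_ip(target):
        want = ipaddress.ip_address(target)
        ips = [v for kind, v in sans if kind == "IP Address"]
        if any(ipaddress.ip_address(v) == want for v in ips):
            return True, "iPAddress SAN matches"
        return False, f"No subject alternative names matching IP address {target} found"
    names = [v for kind, v in sans if kind == "DNS"]
    if any(_dns_match(n, target) for n in names):
        return True, "dNSName SAN matches"
    return False, f"No subject alternative DNS name matching {target} found"

if __name__ == "__main__":
    for cert in (BROKER_CERT_DNS_ONLY, BROKER_CERT_WITH_IP):
        for target in ("192.0.2.10", "kafka-1.example.internal"):
            print(target, san_covers(cert, target))
```
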
