Support Questions

Find answers, ask questions, and share your expertise

Kafka working with expired certificates

avatar
New Contributor

Hello, I have an expired certificate for Kafka on my server, my Kafka runs from Cloudera Manager, as follows:

an_dutra_0-1643799211929.png

 

But my Kafka Server still working just like my consumers and producers connections via SSL.

Can anyone help me to know if it's a bug or misconfiguration?

1 REPLY 1

avatar
Super Guru

@an_dutra  My guess is that it's a misconfiguration on your cluster. I just tested this on my Kafka cluster and once the certificate expires, if I try to connect to the cluster with a Kafka client I get the following exception:

 

Caused by: sun.security.validator.ValidatorException: PKIX path validation failed:
...
Caused by: java.security.cert.CertPathValidatorException: validity check failed
...
Caused by: java.security.cert.CertificateExpiredException: NotAfter: Tue Feb 08 03:45:00 UTC 2022

The Kafka brokers will continue to run, though. However, if they are stopped and I try to start them again, they will fail to start with the same exception as the one above.

--
Was your question answered? Please take some time to click on "Accept as Solution" below this post.
If you find a reply useful, say thanks by clicking on the thumbs up button.