Support Questions

an_dutra · ‎02-02-2022

Hello, I have an expired certificate for Kafka on my server, my Kafka runs from Cloudera Manager, as follows:

But my Kafka Server still working just like my consumers and producers connections via SSL.

Can anyone help me to know if it's a bug or misconfiguration?

araujo · ‎02-07-2022

@an_dutra My guess is that it's a misconfiguration on your cluster. I just tested this on my Kafka cluster and once the certificate expires, if I try to connect to the cluster with a Kafka client I get the following exception:

Caused by: sun.security.validator.ValidatorException: PKIX path validation failed:
...
Caused by: java.security.cert.CertPathValidatorException: validity check failed
...
Caused by: java.security.cert.CertificateExpiredException: NotAfter: Tue Feb 08 03:45:00 UTC 2022

The Kafka brokers will continue to run, though. However, if they are stopped and I try to start them again, they will fail to start with the same exception as the one above.

--
Was your question answered? Please take some time to click on "Accept as Solution" below this post.
If you find a reply useful, say thanks by clicking on the thumbs up button.

Cloudera Community

Support Questions

Kafka working with expired certificates