10-19-2018 04:21 PM
Hi people, I am trying to make a secure communication between a producer and a consumer in Kafka (1.0.1) by enabling the SSL protocol. However, after generating the certificates and configuring the server.properties file through Cloudera Manager (version 5.13.0, OS CentOS 6), when I ran the connection test using openssl s_client -debug -connect localhost:9093 -tls1 I got the following error. Can someone help me?

CONNECTED(00000003)
write to 0x1a9e670 [0x1ae9713] (155 bytes => 155 (0x9B))
0000 - 16 03 01 00 96 01 00 00-92 03 01 5b c6 7c 3d 62   ...........[.|=b
0010 - 53 b1 25 75 34 88 fd 60-7a 41 93 51 68 3a 63 d5   S.%u4..`zA.Qh:c.
0020 - 57 14 37 6e 78 bd bc 38-e4 d7 ef 00 00 4c c0 14   W.7nx..8.....L..
0030 - c0 0a 00 39 00 38 00 88-00 87 c0 0f c0 05 00 35   ...9.8.........5
0040 - 00 84 c0 13 c0 09 00 33-00 32 c0 12 c0 08 00 9a   .......3.2......
0050 - 00 99 00 45 00 44 00 16-00 13 c0 0e c0 04 c0 0d   ...E.D..........
0060 - c0 03 00 2f 00 96 00 41-00 0a 00 07 c0 11 c0 07   .../...A........
0070 - c0 0c c0 02 00 05 00 04-00 ff 01 00 00 1d 00 0b   ................
0080 - 00 04 03 00 01 02 00 0a-00 08 00 06 00 19 00 18   ................
0090 - 00 17 00 23 00 00 00 0f-00 01 01                  ...#.......
read from 0x1a9e670 [0x1ae51c3] (5 bytes => 5 (0x5))
0005 - <SPACES/NULS>
write to 0x1a9e670 [0x1aeebe0] (7 bytes => 7 (0x7))
0000 - 15 03 01 00 02 02 46                              ......F
140660245464904:error:1408F10B:SSL routines:SSL3_GET_RECORD:wrong version number:s3_pkt.c:339:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 5 bytes and written 7 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : 0000
    Session-ID:
    Session-ID-ctx:
    Master-Key:
    Key-Arg   : None
    Krb5 Principal: None
    PSK identity: None
    PSK identity hint: None
    Start Time: 1539734589
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
---

Additionally, my logs say:

2018-10-11 12:38:16,510 WARN org.apache.kafka.common.network.SslTransportLayer: Failed to send SSL Close message
java.io.IOException: Connection reset by peer
    at sun.nio.ch.FileDispatcherImpl.write0(Native Method)
    at sun.nio.ch.SocketDispatcher.write(SocketDispatcher.java:47)
    at sun.nio.ch.IOUtil.writeFromNativeBuffer(IOUtil.java:93)
    at sun.nio.ch.IOUtil.write(IOUtil.java:65)
    at sun.nio.ch.SocketChannelImpl.write(SocketChannelImpl.java:487)
    at org.apache.kafka.common.network.SslTransportLayer.flush(SslTransportLayer.java:212)
    at org.apache.kafka.common.network.SslTransportLayer.close(SslTransportLayer.java:175)
    at org.apache.kafka.common.utils.Utils.closeAll(Utils.java:703)
    at org.apache.kafka.common.network.KafkaChannel.close(KafkaChannel.java:61)
    at org.apache.kafka.common.network.Selector.doClose(Selector.java:739)
    at org.apache.kafka.common.network.Selector.close(Selector.java:727)
    at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:520)
    at org.apache.kafka.common.network.Selector.poll(Selector.java:412)
    at kafka.network.Processor.poll(SocketServer.scala:551)
    at kafka.network.Processor.run(SocketServer.scala:468)
    at java.lang.Thread.run(Thread.java:745)

PROCEDURE TO MAKE THE CERTIFICATES

CERTIFICATION AUTHORITY
=======================
openssl req -new -newkey rsa:4096 -days 365 -x509 -subj "/CN=Kafka-Security-CA" -keyout ca-key -out ca-cert -nodes

CREATING SERVER CERTIFICATE
===========================
Using my hostname (quickstart.cloudera)
keytool -genkey -keyalg RSA -keystore kafka.server.keystore.jks -validity 365 -storepass $SRVPASS -keypass $SRVPASS -dname "CN=quickstart.cloudera" -storetype pkcs12

CREATE A CERTIFICATION REQUEST FILE
===================================
keytool -keystore kafka.server.keystore.jks -certreq -file cert-file -storepass $SRVPASS -keypass $SRVPASS
openssl x509 -req -CA ca-cert -CAkey ca-key -in cert-file -out cert-signed -days 365 -CAcreateserial -passin pass:$SRVPASS

CHECK CERTIFICATES
==================
keytool -printcert -v -file cert-signed
keytool -list -v -keystore kafka.server.keystore.jks -storepass $SRVPASS
keytool -keystore kafka.server.truststore.jks -alias CARoot -import -file ca-cert -storepass $SRVPASS -keypass $SRVPASS -noprompt

IMPORT CA AND THE SIGNED SERVER CERTIFICATE INTO KEYSTORE
=========================================================
keytool -keystore kafka.server.keystore.jks -alias CARoot -import -file ca-cert -storepass $SRVPASS -keypass $SRVPASS -noprompt
keytool -keystore kafka.server.keystore.jks -import -file cert-signed -storepass $SRVPASS -keypass $SRVPASS -noprompt
keytool -keystore kafka.client.keystore.jks -alias localhost -certreq -file cert-file -storepass $SRVPASS -keypass $SRVPASS
openssl x509 -req -CA ca-cert -CAkey ca-key -in cert-file -out cert-signed -days 365 -CAcreateserial -passin pass:$SRVPASS
keytool -keystore kafka.client.keystore.jks -alias CARoot -import -file ca-cert -storepass $SRVPASS -keypass $SRVPASS -noprompt
keytool -keystore kafka.client.keystore.jks -alias localhost -import -file cert-signed -storepass $SRVPASS -keypass $SRVPASS -noprompt

KAFKA SERVER PROPERTIES
=======================
listeners=PLAINTEXT://0.0.0.0:9092,SSL://0.0.0.0:9093
ssl.keystore.location=/var/private/ssl-new-5/kafka.server.keystore.jks
ssl.keystore.password=XXXXXX
ssl.key.password=XXXXXX
ssl.truststore.location=/var/private/ssl-new-5/kafka.server.truststore.jks
ssl.truststore.password=XXXXXXX
offsets.topic.replication.factor=1
transaction.state.log.replication.factor=1
transaction.state.log.min.isr=1

I appreciate any help to solve this problem.
Labels: Apache Kafka, Manual Installation
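The certificate procedure in the post, rewritten as an added example (this is not code from the original post or from Kafka): a POSIX shell script that regenerates the CA and the broker material with an RSA key, an explicit alias and a subjectAltName for the broker host, verifies the chain and the hostname with openssl before anything is copied to the broker, builds the PKCS12 keystore with openssl and the JKS truststore with keytool, and prints the matching server.properties lines with ssl.keystore.type set explicitly instead of relying on the JKS loader accepting a PKCS12 file. The output directory, the host name quickstart.cloudera and the password are caller-supplied placeholders; the script assumes openssl and a JDK keytool are on PATH.

```shell
#!/bin/sh
# Added example, not code from the original post. Regenerates the CA and broker
# material so that the broker certificate has an RSA key, a subjectAltName and
# an explicit alias, checks it before it is deployed, and emits the matching
# server.properties lines. Assumes openssl and a JDK keytool on PATH; the host
# name, output directory and password are placeholders passed by the caller.
set -eu

# make_ca DIR: self-signed CA, key left unencrypted (as with -nodes in the post)
make_ca() {
  openssl req -new -newkey rsa:4096 -days 365 -x509 -nodes \
    -subj "/CN=Kafka-Security-CA" -keyout "$1/ca-key" -out "$1/ca-cert" 2>/dev/null
}

# make_broker_cert DIR HOST: RSA key and CSR for the broker, signed by the CA
# with subjectAltName=DNS:HOST so hostname-verifying clients accept it
make_broker_cert() {
  dir=$1; host=$2
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$host" \
    -keyout "$dir/broker-key" -out "$dir/broker.csr" 2>/dev/null
  printf 'subjectAltName=DNS:%s\nextendedKeyUsage=serverAuth\n' "$host" >"$dir/san.ext"
  openssl x509 -req -in "$dir/broker.csr" -CA "$dir/ca-cert" -CAkey "$dir/ca-key" \
    -CAcreateserial -days 365 -extfile "$dir/san.ext" -out "$dir/broker-cert" 2>/dev/null
}

# verify_broker_cert DIR HOST: returns 0 only if the certificate chains to the
# CA and carries HOST in its SAN; run this before touching server.properties
verify_broker_cert() {
  openssl verify -CAfile "$1/ca-cert" "$1/broker-cert" >/dev/null 2>&1 || return 1
  openssl x509 -in "$1/broker-cert" -noout -text | grep -q "DNS:$2" || return 1
}

# make_keystore DIR PASS: PKCS12 keystore with the broker key, its certificate
# and the CA certificate under the alias "localhost" (same alias as the post)
make_keystore() {
  openssl pkcs12 -export -inkey "$1/broker-key" -in "$1/broker-cert" \
    -certfile "$1/ca-cert" -name localhost -passout "pass:$2" \
    -out "$1/kafka.server.keystore.p12"
}

# make_truststore DIR PASS: JKS truststore containing only the CA certificate
make_truststore() {
  rm -f "$1/kafka.server.truststore.jks"
  keytool -importcert -noprompt -alias CARoot -file "$1/ca-cert" \
    -keystore "$1/kafka.server.truststore.jks" -storetype JKS \
    -storepass "$2" >/dev/null 2>&1
}

# print_ssl_properties DIR PASS: broker-side lines for server.properties;
# the store types are stated explicitly so the file format cannot be misread
print_ssl_properties() {
  cat <<EOF
listeners=PLAINTEXT://0.0.0.0:9092,SSL://0.0.0.0:9093
ssl.keystore.type=PKCS12
ssl.keystore.location=$1/kafka.server.keystore.p12
ssl.keystore.password=$2
ssl.key.password=$2
ssl.truststore.type=JKS
ssl.truststore.location=$1/kafka.server.truststore.jks
ssl.truststore.password=$2
EOF
}

# main OUTDIR BROKER_HOST STOREPASS: full run, aborting if the cert check fails
main() {
  dir=$1; host=$2; pass=$3
  mkdir -p "$dir"
  make_ca "$dir"
  make_broker_cert "$dir" "$host"
  verify_broker_cert "$dir" "$host" || {
    echo "broker certificate does not verify for $host" >&2; return 1; }
  make_keystore "$dir" "$pass"
  make_truststore "$dir" "$pass"
  print_ssl_properties "$dir" "$pass"
}

# usage: sh make-kafka-ssl.sh /var/private/ssl quickstart.cloudera "$SRVPASS"
if [ "$#" -eq 3 ]; then main "$@"; fi
```

Two caveats when using this against a JDK 8 broker such as the one in the post: if the PKCS12 file is produced by OpenSSL 3.x, add `-legacy` to the `openssl pkcs12 -export` call so the keystore uses the older PBE algorithms that JDK 8 can read, and keep the `.p12` file owned by the broker user with mode 0600 because it holds the private key. With ssl.client.auth left at its default of none, as in the posted configuration, producers and consumers need only a truststore containing ca-cert, not a client keystore. Once the broker has been restarted with the SSL listener up, `openssl s_client -connect quickstart.cloudera:9093 -CAfile /var/private/ssl/ca-cert` should print the broker certificate chain and end with `Verify return code: 0 (ok)`.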