Open pretendpasser opened 2 years ago
消息队列 kafka 使用 go SDK 的 confluent 客户端,通过 sasl_ssl 连接 kafka,想在 docker 中运行,但是验证证书看起来有问题【证书文件用的时 demo/conf 内 ca-cert.pem 文件】。
dockerfile 如下:
FROM golang:1.16 as builder
RUN apt-get install gcc && apt-get install ca-certificates
RUN go env -w GOPROXY="https://goproxy.cn,direct"
WORKDIR /opt/kafka
COPY . .
RUN go mod tidy
RUN go build
ENTRYPOINT ["./kafka"]
日志如下:
init kafka producer, it may take a few seconds to init the connection
init kafka producer success
HTTP server Start :7070
%3|1641796736.273|FAIL|rdkafka#producer-1| [thrd:sasl_ssl://alikafka-pre-cn-8ed2i1tx7001-1.alikafka.aliyuncs.com]: sasl_ssl://alikafka-pre-cn-8ed2i1tx7001-1.alikafka.aliyuncs.com:9093/bootstrap: SSL handshake failed: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed: broker certificate could not be verified, verify that ssl.ca.location is correctly configured or root CA certificates are installed (install ca-certificates package) (after 78ms in state SSL_HANDSHAKE)
%3|1641796737.008|FAIL|rdkafka#producer-1| [thrd:sasl_ssl://alikafka-pre-cn-8ed2i1tx7001-1.alikafka.aliyuncs.com]: sasl_ssl://alikafka-pre-cn-8ed2i1tx7001-1.alikafka.aliyuncs.com:9093/bootstrap: SSL handshake failed: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed: broker certificate could not be verified, verify that ssl.ca.location is correctly configured or root CA certificates are installed (install ca-certificates package) (after 44ms in state SSL_HANDSHAKE, 1 identical error(s) suppressed)
日志提醒两个问题 ssl.ca.location is correctly configured or root CA certificates are installed。 确认证书路径没有问题;
ca-certificates如下:
apt-get install ca-certificates
Reading package lists... Done
Building dependency tree
Reading state information... Done
ca-certificates is already the newest version (20200601~deb10u2).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
帮看下还有什么会导致这个错误,谢谢
添加这行代码 kafkaconf.SetKey("enable.ssl.certificate.verification", "false") 在配置里面关闭hostname校验即可
消息队列 kafka 使用 go SDK 的 confluent 客户端,通过 sasl_ssl 连接 kafka,想在 docker 中运行,但是验证证书看起来有问题【证书文件用的时 demo/conf 内 ca-cert.pem 文件】。
日志提醒两个问题 ssl.ca.location is correctly configured or root CA certificates are installed。 确认证书路径没有问题;
帮看下还有什么会导致这个错误,谢谢