Hi!
I have Kafka with two-way SSL and faced strange behavior on Windows.
Firstly, it looks like the SslCaLocation parameter does not work correctly on Windows. The library always tries to take the CA certificate to check the broker from the Windows certificate store, even if the path to a specific file is set in SslCaLocation.
But the problem with SslCaLocation at least has a workaround: add the CA to the store. I ran into a problem that the client certificate for authentication does not work at all under Windows. At the same time, the same code works perfectly fine under Linux. From Windows, the Kafka broker always raises the error Empty client certificate chain.
And yes, I am fully confident in the correctness of the certificates. I am running the same code with the same certs from Windows and Linux.
Can you please help with that? I've searched half the Internet but couldn't find any solution to the problem or a clue that I'm doing something wrong.
How to reproduce
I made a small repository that describes step by step how to reproduce the problem, with Kafka running locally in Docker and checking behavior under Windows and Linux. The only thing you need is WSL.
https://github.com/root691/kafka-ssl-test
Checklist
confluentinc/cp-kafka 6.1.9, latest at the moment of creating issue
Debug: all - Disconnected while requesting ApiVersion, that's all
Empty client certificate chain. But you can see the logs yourself by following the instructions from the repository