confluentinc / cp-docker-images

[DEPRECATED] Docker images for Confluent Platform.
Apache License 2.0
1.14k stars, 704 forks

SSL Handshake Exception between brokers when deploying confluent kafka with SSL on openshift #661

Open himmatb opened 5 years ago

himmatb commented 5 years ago

I am doing a 3 node setup of confluent kafka on openshift with the following properties in yml. containers:

I am getting the following exception while trying to test the same with SSL enabled between the brokers.

```
[2018-12-25 14:33:35,961] WARN [RequestSendThread controllerId=1] Controller 1's connection to broker kf-3.kafka-dev.svc:9093 (id: 3 rack: null) was unsuccessful (kafka.controller.RequestSendThread)
org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed
Caused by: javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
```

Things work well when I am running using plain text but when I enable SSL I end up with the above issue.

I have created the certificate with CN=*.mydomainname as we are using the same certificate for all the brokers.

As we are using OpenShift, every time a new deployment is made or a property is updated, a new container is launched with a new hostname; hence I cannot keep the fully qualified hostname while creating the certificate.

Any help would be appreciated.

eddideku commented 5 years ago

I am experiencing the same issue with the Confluent documentation. Have you found a way to resolve this?

When you created the cert with the wildcard, did you use openssl or keytool?
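
A check related to the `Unrecognized SSL message, plaintext connection?` error in the first post, added here as an example and not part of the original thread or of the project's code: JSSE raises that message when the bytes it receives do not parse as a TLS record, so this probe sends a real ClientHello to a listener and classifies the first bytes that come back, without completing a handshake. The function names (`client_hello`, `classify_reply`, `probe`) and the result labels are hypothetical choices for this example.

```python
import socket
import ssl


def client_hello(server_name: str) -> bytes:
    """Produce real ClientHello bytes in memory, without touching the network."""
    incoming, outgoing = ssl.MemoryBIO(), ssl.MemoryBIO()
    tls = ssl.create_default_context().wrap_bio(
        incoming, outgoing, server_hostname=server_name)
    try:
        tls.do_handshake()
    except ssl.SSLWantReadError:
        pass  # expected: the handshake now waits for the server's reply
    return outgoing.read()


def classify_reply(first: bytes) -> str:
    """Classify the first bytes a listener sends back after a ClientHello."""
    if not first:
        return "closed"          # peer hung up without answering
    if len(first) >= 2 and first[1] == 0x03:
        if first[0] == 0x16:
            return "tls"         # handshake record, i.e. a ServerHello
        if first[0] == 0x15:
            return "tls-alert"   # speaks TLS but refused this handshake
    return "not-tls"             # bytes that are not a TLS record header


def probe(host: str, port: int, timeout: float = 5.0) -> str:
    """Send a ClientHello to host:port and classify the listener's answer."""
    reply = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(client_hello(host))
        try:
            while len(reply) < 5:            # a TLS record header is 5 bytes
                chunk = sock.recv(5 - len(reply))
                if not chunk:
                    break
                reply += chunk
        except socket.timeout:
            return "timeout"
        except ConnectionResetError:
            pass                             # treated like a close
    return classify_reply(reply)
```

Run from inside a broker pod as `probe("kf-3.kafka-dev.svc", 9093)`, a result other than `tls` or `tls-alert` means whatever answers on that address and port is not speaking TLS to the caller.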