I have a Kafka client configured as follows:
spring:
  cloud:
    config:
      enabled: false
    stream:
      kafka:
        binder:
          brokers: localhost:9092
          zkNodes: localhost:2181
          configuration:
            security:
              protocol: SASL_SSL
            sasl:
              mechanism: SCRAM-SHA-256
              kerberos:
                service:
                  name: "kafka"
              jaas:
                config: org.apache.kafka.common.security.scram.ScramLoginModule required username="user" password="sepultura1";
      bindings:
        kafkaDemoTopic:
          destination: kafka_demo_topic
When I try to run the application, it fails with this exception:
org.springframework.cloud.stream.provisioning.ProvisioningException: Provisioning exception encountered for kafka_demo_topic
at org.springframework.cloud.stream.binder.kafka.provisioning.KafkaTopicProvisioner.createTopic(KafkaTopicProvisioner.java:377) ~[spring-cloud-stream-binder-kafka-core-4.1.0.jar:4.1.0]
at org.springframework.cloud.stream.binder.kafka.provisioning.KafkaTopicProvisioner.provisionProducerDestination(KafkaTopicProvisioner.java:197) ~[spring-cloud-stream-binder-kafka-core-4.1.0.jar:4.1.0]
at org.springframework.cloud.stream.binder.kafka.provisioning.KafkaTopicProvisioner.provisionProducerDestination(KafkaTopicProvisioner.java:96) ~[spring-cloud-stream-binder-kafka-core-4.1.0.jar:4.1.0]
at org.springframework.cloud.stream.binder.AbstractMessageChannelBinder.doBindProducer(AbstractMessageChannelBinder.java:297) ~[spring-cloud-stream-4.1.0.jar:4.1.0]
at org.springframework.cloud.stream.binder.AbstractMessageChannelBinder.doBindProducer(AbstractMessageChannelBinder.java:102) ~[spring-cloud-stream-4.1.0.jar:4.1.0]
at org.springframework.cloud.stream.binder.AbstractBinder.bindProducer(AbstractBinder.java:153) ~[spring-cloud-stream-4.1.0.jar:4.1.0]
at org.springframework.cloud.stream.binding.BindingService.doBindProducer(BindingService.java:353) ~[spring-cloud-stream-4.1.0.jar:4.1.0]
at org.springframework.cloud.stream.binding.BindingService.bindProducer(BindingService.java:294) ~[spring-cloud-stream-4.1.0.jar:4.1.0]
at org.springframework.cloud.stream.function.StreamBridge.resolveDestination(StreamBridge.java:272) ~[spring-cloud-stream-4.1.0.jar:4.1.0]
at org.springframework.cloud.stream.function.StreamBridge.send(StreamBridge.java:168) ~[spring-cloud-stream-4.1.0.jar:4.1.0]
at org.springframework.cloud.stream.function.StreamBridge.send(StreamBridge.java:147) ~[spring-cloud-stream-4.1.0.jar:4.1.0]
at org.springframework.cloud.stream.function.StreamBridge.send(StreamBridge.java:142) ~[spring-cloud-stream-4.1.0.jar:4.1.0]
at org.heller.kafka.demo.producer.KafkaProducer.scheduleFixedRateTask(KafkaProducer.java:32) ~[classes/:na]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[na:na]
at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) ~[na:na]
at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[na:na]
at java.base/java.lang.reflect.Method.invoke(Method.java:568) ~[na:na]
at org.springframework.scheduling.support.ScheduledMethodRunnable.runInternal(ScheduledMethodRunnable.java:130) ~[spring-context-6.1.1.jar:6.1.1]
at org.springframework.scheduling.support.ScheduledMethodRunnable.lambda$run$2(ScheduledMethodRunnable.java:124) ~[spring-context-6.1.1.jar:6.1.1]
at io.micrometer.observation.Observation.observe(Observation.java:499) ~[micrometer-observation-1.12.0.jar:1.12.0]
at org.springframework.scheduling.support.ScheduledMethodRunnable.run(ScheduledMethodRunnable.java:124) ~[spring-context-6.1.1.jar:6.1.1]
at org.springframework.scheduling.support.DelegatingErrorHandlingRunnable.run(DelegatingErrorHandlingRunnable.java:54) ~[spring-context-6.1.1.jar:6.1.1]
at java.base/java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:539) ~[na:na]
at java.base/java.util.concurrent.FutureTask.runAndReset(FutureTask.java:305) ~[na:na]
at java.base/java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:305) ~[na:na]
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1136) ~[na:na]
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:635) ~[na:na]
at java.base/java.lang.Thread.run(Thread.java:833) ~[na:na]
Caused by: java.util.concurrent.ExecutionException: org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed
at java.base/java.util.concurrent.CompletableFuture.reportGet(CompletableFuture.java:396) ~[na:na]
at java.base/java.util.concurrent.CompletableFuture.get(CompletableFuture.java:2096) ~[na:na]
at org.apache.kafka.common.internals.KafkaFutureImpl.get(KafkaFutureImpl.java:180) ~[kafka-clients-3.6.0.jar:na]
at org.springframework.cloud.stream.binder.kafka.provisioning.KafkaTopicProvisioner.createTopicAndPartitions(KafkaTopicProvisioner.java:413) ~[spring-cloud-stream-binder-kafka-core-4.1.0.jar:4.1.0]
at org.springframework.cloud.stream.binder.kafka.provisioning.KafkaTopicProvisioner.createTopicIfNecessary(KafkaTopicProvisioner.java:387) ~[spring-cloud-stream-binder-kafka-core-4.1.0.jar:4.1.0]
at org.springframework.cloud.stream.binder.kafka.provisioning.KafkaTopicProvisioner.createTopic(KafkaTopicProvisioner.java:364) ~[spring-cloud-stream-binder-kafka-core-4.1.0.jar:4.1.0]
... 27 common frames omitted
Caused by: org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131) ~[na:na]
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:378) ~[na:na]
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:321) ~[na:na]
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:316) ~[na:na]
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357) ~[na:na]
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232) ~[na:na]
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175) ~[na:na]
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396) ~[na:na]
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480) ~[na:na]
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277) ~[na:na]
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264) ~[na:na]
at java.base/java.security.AccessController.doPrivileged(AccessController.java:712) ~[na:na]
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209) ~[na:na]
at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:435) ~[kafka-clients-3.6.0.jar:na]
at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:523) ~[kafka-clients-3.6.0.jar:na]
at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:373) ~[kafka-clients-3.6.0.jar:na]
at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:293) ~[kafka-clients-3.6.0.jar:na]
at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178) ~[kafka-clients-3.6.0.jar:na]
at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543) ~[kafka-clients-3.6.0.jar:na]
at org.apache.kafka.common.network.Selector.poll(Selector.java:481) ~[kafka-clients-3.6.0.jar:na]
at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:571) ~[kafka-clients-3.6.0.jar:na]
at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1381) ~[kafka-clients-3.6.0.jar:na]
at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1312) ~[kafka-clients-3.6.0.jar:na]
at java.base/java.lang.Thread.run(Thread.java:833) ~[na:na]
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439) ~[na:na]
at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306) ~[na:na]
at java.base/sun.security.validator.Validator.validate(Validator.java:264) ~[na:na]
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285) ~[na:na]
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144) ~[na:na]
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335) ~[na:na]
... 19 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:146) ~[na:na]
at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:127) ~[na:na]
at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297) ~[na:na]
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434) ~[na:na]
... 24 common frames omitted
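I have already imported the certificate into the cacerts key store. Can somebody give me a hint on how to handle this exception? It seems that the certificate in the cacerts store is not valid. I can't find how to handle it on Google. Thanks.
I ran the following commands to generate the self-signed certificates: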
openssl req -new -x509 -days 365 -keyout ca.key -out ca.crt -subj "/C=PL/L=Warsaw/CN=localhost" -passout pass:sepultura1
keytool -genkey -keystore server.keystore -alias localhost -dname CN=localhost -keyalg RSA -validity 365 -ext san=dns:localhost -storepass sepultura1
keytool -certreq -keystore server.keystore -alias localhost -file server.unsigned.crt -storepass sepultura1
openssl x509 -req -CA ca.crt -CAkey ca.key -in server.unsigned.crt -out server.crt -days 365 -CAcreateserial -passin pass:sepultura1
keytool -import -file ca.crt -keystore server.keystore -alias ca -storepass sepultura1 -noprompt
keytool -import -file server.crt -keystore server.keystore -alias localhost -storepass sepultura1 -noprompt
keytool -import -file ca.crt -keystore client.truststore -alias ca -storepass sepultura1 -noprompt
keytool -import -file server.crt -keystore client.truststore -alias localhost -storepass sepultura1 -noprompt
keytool -import -file server.crt -keystore C:\apps\jdk17\lib\security\cacerts -alias localhost -storepass changeit -noprompt
keytool -import -file ca.crt -keystore C:\apps\jdk17\lib\security\cacerts -alias ca -storepass changeit -noprompt
But I still get this exception:
org.springframework.cloud.stream.provisioning.ProvisioningException: Provisioning exception encountered for kafka_demo_topic
1 answer
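"I have imported the certificate into the cacerts key store."
So I will assume you mean the default truststore of the Java Runtime Environment (JRE), typically located at <JAVA_HOME>/lib/security/cacerts. By "certificate", I will also assume you mean the certificate of a trusted CA (Certificate Authority) that validates the certificate used by the Kafka broker. Because if that certificate is not a CA's, it can only mean that your broker uses a self-signed certificate.
If you are using the default Java cacerts keystore and it is in its standard location (<JAVA_HOME>/lib/security/cacerts), you typically do not need to use the certificateStoreDirectory property from the Kafka binder properties. The Kafka binder should use the default truststore. First check that your Spring Boot project does not already include an SSL configuration for the Kafka client.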
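It could override the default cacerts (where you imported your certificate, CA or self-signed). In your Spring Boot project, look for application.yml or application.properties. The file is typically located in the src/main/resources directory. If you have environment-specific configuration files, they may be named application-dev.yml, application-prod.yml, and so on. The configuration differs slightly depending on whether you use YAML (application.yml) or the properties format (application.properties). For application.yml, the Kafka SSL configuration looks like this:
For application.properties, it would be: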
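But if you do not have any SSL settings in your configuration, you can check the cacerts keystore:
keytool -list -v -keystore <JAVA_HOME>/lib/security/cacerts -storepass changeit
Look for an alias or subject that matches the identity of your Kafka broker. The subject typically contains the CN (Common Name), which may be the broker's hostname.
The first step is to check whether your cacerts contains the CA certificate used to sign the broker's certificate. Inspect the certificate used by the Kafka broker with: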
If the certificate is self-signed, openssl verify will return something like kafka-broker-cert.pem: OK. That means the certificate itself should be imported into the cacerts truststore.
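The decision the answer ends on (import the broker certificate itself, or the CA that issued it) can be reproduced offline with OpenSSL. This is an added example, not part of the original answer: the throwaway CA and certificates, the file names and the function names are all constructed for illustration, and it assumes OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: every certificate, file name and function name here is
# constructed for illustration. Assumes OpenSSL 1.1.1 or later on PATH.

# Build a throwaway PKI in directory $1: a CA, a server certificate signed by
# that CA (the layout from the question), and an unrelated CA.
make_test_pki() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
    -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null || return 1
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=localhost" \
    -keyout "$1/server.key" -out "$1/server.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$1/server.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$1/server.crt" 2>/dev/null || return 1
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=unrelated-ca" \
    -keyout "$1/other.key" -out "$1/other.crt" 2>/dev/null
}

# chains_to <anchors.pem> <cert.pem>: succeeds only when <cert.pem> validates
# against the anchors in <anchors.pem>. -no-CApath keeps the system CA
# directory out of the decision. A failure here is the OpenSSL counterpart of
# Java's "unable to find valid certification path to requested target".
chains_to() {
  openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# is_self_signed <cert.pem>: issuer and subject names are identical and the
# certificate validates against itself.
is_self_signed() {
  [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
    "$(openssl x509 -in "$1" -noout -issuer_hash)" ] && chains_to "$1" "$1"
}

# trust_anchor_for <leaf.pem> [candidate-ca.pem ...]: print the certificate the
# client truststore needs: the leaf itself when it is self-signed, otherwise
# the first candidate that anchors it. Returns 1 when nothing does.
trust_anchor_for() {
  taf_leaf=$1; shift
  if is_self_signed "$taf_leaf"; then echo "$taf_leaf"; return 0; fi
  for taf_ca in "$@"; do
    if chains_to "$taf_ca" "$taf_leaf"; then echo "$taf_ca"; return 0; fi
  done
  return 1
}

# Demo on the constructed PKI: the CA-signed server certificate needs ca.crt.
demo_dir=$(mktemp -d) && make_test_pki "$demo_dir" &&
  echo "import: $(trust_anchor_for "$demo_dir/server.crt" \
    "$demo_dir/other.crt" "$demo_dir/ca.crt")"
rm -rf "$demo_dir"
```

The certificate that trust_anchor_for prints is the one to import with keytool -import into whichever truststore the client JVM actually loads.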