Error with TLS

kafka-console-producer --topic testtopic --bootstrap-server localhost:9092 --producer.config ./producer.properties
>[2020-07-10 17:16:19,327] ERROR [Producer clientId=console-producer] Connection to node -1 (localhost/127.0.0.1:9092) failed authentication due to: SSL handshake failed (org.apache.kafka.clients.NetworkClient)

producer.properties
===================
sasl.mechanism=PLAIN
security.protocol=SASL_SSL
#security.protocol=SSL
ssl.truststore.location=./kafka.client.truststore.jks
ssl.truststore.password=123456
sasl.jaas.config=org.apache.kafka.common.security.plain.PlainLoginModule required \
  username="testuser" \
  password="testuser";
====================

kafka-proxy arguments for TLS
- '--proxy-listener-tls-enable'
- '--proxy-listener-key-file=/etc/cert/server-key.pem'
- '--proxy-listener-cert-file=/etc/cert/server-cert.pem'
- '--auth-local-enable'
- '--auth-local-command=/auth-ldap'
- '--auth-local-param=--start-tls=false'
- '--auth-local-param=--url=ldap://openldap:389'
- '--auth-local-param=--user-dn=ou=people,dc=test,dc=com'
- '--auth-local-param=--user-attr=cn'
=====================

Generating Certs
# CA Private Key
openssl genrsa -out ./CA-key.pem
# Root CA Certificate
openssl req -config ./openssl.conf -new -key ./CA-key.pem -x509 -days 3650 -out ./CA-cert.pem
# generate csr + server key
openssl req -config ./openssl.conf -new -newkey rsa:4096 -nodes -keyout ./server-key.pem -out ./signingReq.csr
# Sign the certificate
# (no -extfile/-extensions is passed and openssl.conf defines no SAN section, so the
#  signed server certificate carries no subjectAltName; the client connects to
#  "localhost", so the entered commonName is the only name hostname verification can match)
openssl x509 -req -days 3650 -in ./signingReq.csr -CA ./CA-cert.pem -CAkey ./CA-key.pem -CAcreateserial -out ./server-cert.pem
# import into a client truststore
rm ./kafka.client.truststore.jks
keytool -import -v -trustcacerts -alias endeca-ca -file ./CA-cert.pem -keystore ./kafka.client.truststore.jks
======================

openssl.conf
[req]
default_bits=2048
encrypt_key=no
default_md=sha256
distinguished_name=req_subj

[req_subj]
commonName="chubb"
emailAddress=""
countryName="US"
countryName_default=US
stateOrProvinceName="New Jersey"
stateOrProvinceName_default="New Jersey"
localityName="NJ"
localityName_default="NJ"
organizationName="test"
organizationName_default="test"
organizationalUnitName="Service"
organizationalUnitName_default="Service"
=========================