Q: Connect to brokers with PEM and KEY #40
Comments
You can both connect to brokers using TLS and terminate TLS traffic on the proxy. For TLS termination please check
To initiate TLS connection to brokers check
Same question here. Trying to connect to Kafka via client certificate. Assuming that --tls-* are the right flags (proxy <-> kafka, not client <-> proxy). Ending up with a tls: unexpected message. Is it a problem with the certificates? Little bit stuck here... The error message does not help too much :D
Could you provide output from "openssl s_client -connect broker:port"? A tcpdump would be useful as well.
Have you tried to disable TLS 1.3 with "export GODEBUG=tls13=0"?
Yes, no other result.
tls13=0a ?
Was just a typo while copying... still not working. How can I see that it really isn't using tls13?
Well, I fixed one problem with openssl s_client -connect kafka2.dev.adp.cloud.audi:19093 -CAfile certs/root.cer and got rid of this message
but still got:
Are you sure that your client certificate used by kafka-proxy is correct? You can check it with e.g. wireshark / tcpdump. If it is incorrect, the sent cert will have length 0.
The certificate should be fine, we're able to use it from a Java client. But I'll try to reach the Kafka maintainer for help. Thanks for your in-depth answers. If I find a solution I'll post it here :)
OK, last shot for today and we found it -> we had a p12 and exported the client certificate, but without the intermediate / not the complete chain. We did that with keyStoreExplorer and now we're connected! Thx for the help!
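The root cause found in the last comment (a client certificate exported without its intermediate) can be checked offline before starting the proxy. The Go program below is an added example, not part of the thread or of kafka-proxy: `chainComplete` and `issue` are hypothetical helper names, the certificates are constructed in memory, and it assumes the broker trusts only the root CA.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"fmt"
	"math/big"
	"time"
)

// chainComplete returns nil only if the first cert in bundlePEM verifies to rootPEM using certs shipped in the bundle.
func chainComplete(bundlePEM, rootPEM []byte) error {
	roots, inter := x509.NewCertPool(), x509.NewCertPool()
	if !roots.AppendCertsFromPEM(rootPEM) {
		return fmt.Errorf("no root certificate parsed")
	}
	blk, _ := pem.Decode(bundlePEM)
	if blk == nil || blk.Type != "CERTIFICATE" {
		return fmt.Errorf("bundle does not start with a certificate")
	}
	leaf, err := x509.ParseCertificate(blk.Bytes)
	if err == nil {
		inter.AppendCertsFromPEM(bundlePEM) // every cert the client would send is a candidate intermediate
		_, err = leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}})
	}
	return err
}

// issue builds a constructed, short-lived test certificate signed by parent (self-signed when parent is nil).
func issue(cn string, ca bool, parent *x509.Certificate, pkey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, []byte) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	t := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour), IsCA: ca, BasicConstraintsValid: true}
	if parent == nil {
		parent, pkey = t, key
	}
	der, _ := x509.CreateCertificate(rand.Reader, t, parent, &key.PublicKey, pkey)
	return t, key, pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	root, rk, rootPEM := issue("constructed root", true, nil, nil)
	ica, ik, icaPEM := issue("constructed intermediate", true, root, rk)
	_, _, leafPEM := issue("constructed client", false, ica, ik)
	fmt.Printf("leaf only: %v\nleaf + intermediate: %v\n", chainComplete(leafPEM, rootPEM), chainComplete(append(leafPEM, icaPEM...), rootPEM))
}
```

To check real files, read the client certificate PEM and the CA PEM with `os.ReadFile` and pass both to `chainComplete`; an "unknown authority" error on a certificate that works from a Java keystore points at a missing intermediate in the exported PEM.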
I would like to know how can I run/configure the kafka-proxy cli to connect to a cluster (brokers) asking for a certificate.
I have the PEM and KEY files, and I can connect using Java with a custom Keystore with those files.
How can I replicate this on the kafka-proxy client?