您的位置:首页 > 编程语言 > Java开发

SpringBoot 连接kafka ssl 报 CertificateException: No subject alternative names present 异常解决

2019-10-09 11:54 3763 查看

当使用较新版本SpringBoot时,对应的 kafka-client 版本也比较新,如果使用了 2.x 以上的 kafka-client ,并且配置了 kafka ssl 连接方式时,可能会报如下异常:

javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?

.....

org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem

.....

Caused by: java.security.cert.CertificateException: No subject alternative names present

.....

2019-10-09 10:12:55.683 DEBUG 23524 --- [           main] o.s.kafka.core.KafkaTemplate             : Failed to send: ProducerRecord

.....

 

该原因是因为新版本 kafka-client 会校验证书的主机名,配置忽略主机名校验即可。

配置方法主要代码如下:

spring:
kafka:
properties:
ssl:
endpoint:
identification:
algorithm: ''

 

另附SpringBoot 使用 ssl 证书连接 kafka 完整配置如下:

########## kafka ##########
spring:
kafka:
producer:
batch-size: 16384
retries: 1
buffer-memory: 33554432
bootstrap-servers: 192.168.1.100:9092
value-serializer: org.apache.kafka.common.serialization.StringSerializer
key-serializer: org.apache.kafka.common.serialization.StringSerializer
consumer:
group-id: test-group-001
auto-offset-reset: earliest
auto-commit-interval: 100
bootstrap-servers: 192.168.1.100:9092
value-deserializer: org.apache.kafka.common.serialization.StringDeserializer
key-deserializer: org.apache.kafka.common.serialization.StringDeserializer
enable-auto-commit: true
ssl:
protocol: SSL
trust-store-type: JKS
trust-store-location: file:D:/source-files/kafka/kafkatest.client.truststore.test.jks
trust-store-password: 123456
key-store-type: JKS
key-store-location: file:D:/source-files/kafka/kafkatest.client.keystore.test.jks
key-store-password: 123456
key-password: 123456
properties:
ssl:
endpoint:
identification:
algorithm: ''
security:
protocol: SSL

 

问题解决。

 

内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 点击这里给我发消息
标签: 
相关文章推荐
新的分享
章节导航