SpringBoot connecting to Kafka over SSL: resolving the CertificateException: No subject alternative names present error

Posted 我们的征途,是星辰大海

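With newer versions of SpringBoot, the corresponding kafka-client version is also newer. If you use kafka-client 2.x or later and have configured Kafka to connect over SSL, you may see the following exception: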

javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?

.....

org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem

.....

Caused by: java.security.cert.CertificateException: No subject alternative names present

.....

2019-10-09 10:12:55.683 DEBUG 23524 --- [           main] o.s.kafka.core.KafkaTemplate             : Failed to send: ProducerRecord

.....

 

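The cause is that newer versions of kafka-client verify the hostname in the certificate; configuring the client to skip hostname verification resolves it.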
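Why the exception appears when `bootstrap-servers` is an IP address, shown as an added example that is not part of the original post: a simplified Python model of the hostname check described above (the JDK's own logic is more complete). The certificate dicts and the name `kafka-broker-1` are constructed for illustration.

```python
import ipaddress

# Simplified model of the JDK's "https" endpoint identification. Certificates
# are constructed dicts, not parsed X.509; "kafka-broker-1" is a made-up name.
CN_ONLY = {"cn": "kafka-broker-1", "san": []}
WITH_SAN = {"cn": "kafka-broker-1",
            "san": [("DNS", "kafka-broker-1"), ("IP", "192.168.1.100")]}

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def dns_match(pattern, host):
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        # A wildcard stands for exactly one left-most label.
        return "." in host and host.split(".", 1)[1] == pattern[2:]
    return pattern == host

def check_identity(host, cert):
    """Return None if the certificate matches host, else the rejection reason."""
    sans = cert["san"]
    if is_ip(host):
        # IP literals are compared only with iPAddress SAN entries; the CN is
        # never consulted, so a CN-only certificate always fails here.
        if not sans:
            return "No subject alternative names present"
        want = ipaddress.ip_address(host)
        if any(t == "IP" and ipaddress.ip_address(v) == want for t, v in sans):
            return None
        return f"No subject alternative names matching IP address {host} found"
    dns = [v for t, v in sans if t == "DNS"]
    if dns:
        if any(dns_match(v, host) for v in dns):
            return None
        return f"No subject alternative DNS name matching {host} found"
    # Without DNS SAN entries the check falls back to the subject CN.
    return None if dns_match(cert["cn"], host) else f"No name matching {host} found"

if __name__ == "__main__":
    for host in ("192.168.1.100", "kafka-broker-1"):
        for name, cert in (("CN only", CN_ONLY), ("with SAN", WITH_SAN)):
            print(f"{host:15} {name:9} -> {check_identity(host, cert) or 'accepted'}")
```

A broker certificate reissued with an IP SAN (for example with keytool's `-ext SAN=IP:192.168.1.100`) passes this check with hostname verification left enabled.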

The key configuration is as follows:

spring:
  kafka:
    properties:
      ssl:
        endpoint:
          identification:
            # An empty string turns off hostname verification
            algorithm: ''

 

For reference, the complete configuration for SpringBoot connecting to Kafka with SSL certificates is as follows:

########## kafka ##########
spring:
  kafka:
    producer:
      batch-size: 16384
      retries: 1
      buffer-memory: 33554432
      bootstrap-servers: 192.168.1.100:9092
      value-serializer: org.apache.kafka.common.serialization.StringSerializer
      key-serializer: org.apache.kafka.common.serialization.StringSerializer
    consumer:
      group-id: test-group-001
      auto-offset-reset: earliest
      auto-commit-interval: 100
      bootstrap-servers: 192.168.1.100:9092
      value-deserializer: org.apache.kafka.common.serialization.StringDeserializer
      key-deserializer: org.apache.kafka.common.serialization.StringDeserializer
      enable-auto-commit: true
    ssl:
      protocol: SSL
      trust-store-type: JKS
      trust-store-location: file:D:/source-files/kafka/kafkatest.client.truststore.test.jks
      trust-store-password: 123456
      key-store-type: JKS
      key-store-location: file:D:/source-files/kafka/kafkatest.client.keystore.test.jks
      key-store-password: 123456
      key-password: 123456
    properties:
      ssl:
        endpoint:
          identification:
            # An empty string turns off hostname verification
            algorithm: ''
      security:
        protocol: SSL

 

Problem solved.

 
