• SpringBoot: fixing the CertificateException: No subject alternative names present error when connecting to Kafka over SSL


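    With newer versions of SpringBoot, the bundled kafka-client version is also relatively new. If you use kafka-client 2.x or later and have configured a Kafka SSL connection, the following exception may be thrown: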

    javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
    
    .....
    
    org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed
    Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
    
    .....
    
    Caused by: java.security.cert.CertificateException: No subject alternative names present
    
    .....
    
    2019-10-09 10:12:55.683 DEBUG 23524 --- [           main] o.s.kafka.core.KafkaTemplate             : Failed to send: ProducerRecord
    
    .....

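    The cause is that newer kafka-client versions verify the hostname in the broker's certificate. Configuring the client to skip hostname verification, by setting ssl.endpoint.identification.algorithm to an empty string, resolves it.

    The key part of the configuration is: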

    spring:
      kafka:
        properties:
          ssl:
            endpoint:
              identification:
                # empty value disables hostname verification of the broker certificate
                algorithm: ''

    For reference, the complete configuration for connecting SpringBoot to Kafka with SSL certificates is as follows:

    ########## kafka ##########
    spring:
      kafka:
        producer:
          batch-size: 16384
          retries: 1
          buffer-memory: 33554432
          bootstrap-servers: 192.168.1.100:9092
          value-serializer: org.apache.kafka.common.serialization.StringSerializer
          key-serializer: org.apache.kafka.common.serialization.StringSerializer
        consumer:
          group-id: test-group-001
          auto-offset-reset: earliest
          auto-commit-interval: 100
          bootstrap-servers: 192.168.1.100:9092
          value-deserializer: org.apache.kafka.common.serialization.StringDeserializer
          key-deserializer: org.apache.kafka.common.serialization.StringDeserializer
          enable-auto-commit: true
        ssl:
          protocol: SSL
          trust-store-type: JKS
          trust-store-location: file:D:/source-files/kafka/kafkatest.client.truststore.test.jks
          trust-store-password: 123456
          key-store-type: JKS
          key-store-location: file:D:/source-files/kafka/kafkatest.client.keystore.test.jks
          key-store-password: 123456
          key-password: 123456
        properties:
          ssl:
            endpoint:
              identification:
                # empty value disables hostname verification of the broker certificate
                algorithm: ''
          security:
            protocol: SSL

    Problem solved.

  • Original URL: https://www.cnblogs.com/moonciki/p/11640883.html