Spring Boot Kafka SSL connection fails with CertificateException: No subject alternative names present (solution)
- October 9, 2019
- Notes
Newer Spring Boot versions pull in a correspondingly newer kafka-client. If you use kafka-client 2.x or later and have configured Kafka to connect over SSL, you may see the following exception:
```
javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
.....
org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
.....
Caused by: java.security.cert.CertificateException: No subject alternative names present
.....
2019-10-09 10:12:55.683 DEBUG 23524 --- [ main] o.s.kafka.core.KafkaTemplate : Failed to send: ProducerRecord .....
```
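The cause is that newer kafka-client versions verify the hostname in the certificate. Configuring the client to skip hostname verification resolves the error.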
The key part of the configuration is:

```yaml
spring:
  kafka:
    properties:
      ssl:
        endpoint:
          identification:
            algorithm: ''
```
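With the algorithm set to an empty string, the client no longer checks that the certificate belongs to the broker it connected to. As an added example (not from the original post), the script below uses openssl to show the alternative: a broker certificate that carries an iPAddress SAN for the bootstrap address passes the check, so verification can stay enabled. The certificates are throwaway self-signed ones generated in a temp directory, and `make_cert`, `san_matches_ip` and `demo` are hypothetical helper names.

```sh
#!/bin/sh
# Added example: constructed throwaway certificates, not the keystores from this page.
BROKER_IP="192.168.1.100"   # bootstrap address from the configuration on this page

# make_cert <prefix> [subjectAltName]: writes <prefix>.key and <prefix>.pem
make_cert() {
  if [ -n "${2:-}" ]; then
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=kafka-broker" \
      -keyout "$1.key" -out "$1.pem" -addext "subjectAltName=$2" 2>/dev/null
  else
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=kafka-broker" \
      -keyout "$1.key" -out "$1.pem" 2>/dev/null
  fi
}

# san_matches_ip <cert.pem> <ip>: exit 0 only if the certificate has an
# iPAddress SAN equal to <ip> (the CN is never consulted for IP addresses)
san_matches_ip() {
  openssl x509 -in "$1" -noout -checkip "$2" | grep -q "does match certificate"
}

demo() {
  dir=$(mktemp -d)
  make_cert "$dir/no-san"                      # like the certificate that triggers the error
  make_cert "$dir/with-san" "IP:$BROKER_IP"    # reissued with the broker address as SAN
  for c in no-san with-san; do
    if san_matches_ip "$dir/$c.pem" "$BROKER_IP"; then
      echo "$c: certificate identifies $BROKER_IP, hostname verification can stay enabled"
    else
      echo "$c: no iPAddress SAN for $BROKER_IP, hostname verification fails"
    fi
  done
  rm -rf "$dir"
}

demo
```

Running `san_matches_ip` against the broker's real certificate (exported to PEM) shows whether it needs to be reissued before verification can be re-enabled.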
For reference, the complete Spring Boot configuration for connecting to Kafka with SSL certificates is:

```yaml
########## kafka ##########
spring:
  kafka:
    producer:
      batch-size: 16384
      retries: 1
      buffer-memory: 33554432
      bootstrap-servers: 192.168.1.100:9092
      value-serializer: org.apache.kafka.common.serialization.StringSerializer
      key-serializer: org.apache.kafka.common.serialization.StringSerializer
    consumer:
      group-id: test-group-001
      auto-offset-reset: earliest
      auto-commit-interval: 100
      bootstrap-servers: 192.168.1.100:9092
      value-deserializer: org.apache.kafka.common.serialization.StringDeserializer
      key-deserializer: org.apache.kafka.common.serialization.StringDeserializer
      enable-auto-commit: true
    ssl:
      protocol: SSL
      trust-store-type: JKS
      trust-store-location: file:D:/source-files/kafka/kafkatest.client.truststore.test.jks
      trust-store-password: 123456
      key-store-type: JKS
      key-store-location: file:D:/source-files/kafka/kafkatest.client.keystore.test.jks
      key-store-password: 123456
      key-password: 123456
    properties:
      ssl:
        endpoint:
          identification:
            algorithm: ''
      security:
        protocol: SSL
```
Problem solved.