kafka-avro-console-consumer: Specify truststore location for schema-registry

1
votes

I am using confluent kafka-avro-console-consumer like following

/kafka-avro-console-consumer --bootstrap-server <brokers> --topic Topic-out --property schema.registry.url=https://schemaregistry:443/ --consumer.config client-sasl-ssl.properties  --from-beginning

It fails to connect to schema registry with the following error, 

org.apache.kafka.common.errors.SerializationException: Error deserializing Avro message for id 45
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
    at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316)
    at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)

which means that i need to specify truststore location in java path like ( i have done it for custom java code and it worked) 

Djavax.net.ssl.trustStore=truststore.jks -Djavax.net.ssl.trustStoreType=jks --Djavax.net.ssl.trustStorePassword=pass

The question is where do i specify above parameters while running kafka-avro-console-consumer command.

1
apache-kafkaconfluent-platformtruststoreconfluent-schema-registryjava-security
Fixed it by using the following export export SCHEMA_REGISTRY_OPTS="-Djavax.net.ssl.trustStore=/tools/confluent-5.3.0/bin/kafka.client.truststore.jks -Djavax.net.ssl.trustStoreType=jks -Djavax.net.ssl.trustStorePassword=pass"SunilS

1 Answers

2
votes

try this

export SCHEMA_REGISTRY_OPTS="-Djavax.net.ssl.trustStore=/tools/confluent-5.3.0/bin/kafka.client.truststore.jks -Djavax.net.ssl.trustStoreType=jks -Djavax.net.ssl.trustStorePassword=pass