I am using Bouncy Castle (BC) with the RSA algorithm in one of my .NET projects. I have created a root certificate (root.crt) using BC, and I have also created a certificate (server.crt) signed by root.crt using BC.

Using Keytool, I have added server.crt to the keystore (server.keystore.jks) and root.crt to the truststore (server.truststore.jks). Below are the commands I used to import these certificates into their respective stores.

Importing Server.crt to server.keystore.jks:

```
keytool -keystore server.keystore.jks -validity 365 -genkey -keyalg RSA -storetype pkcs12
keytool -keystore server.keystore.jks -import -file Server.crt
```

Importing root.crt to server.truststore.jks:

```
keytool -keystore server.truststore.jks -alias CARoot -import -file root.crt
```

Now, I am referring to the physical paths of these 2 stores in the Kafka server.properties file as below.

server.properties file:

```
ssl.keystore.location=C:\\kafka\\security\\server.keystore.jks
ssl.keystore.type=pkcs12
ssl.keystore.password=12345
ssl.key.password=12345
ssl.truststore.location=C:\\kafka\\security\\server.truststore.jks
ssl.truststore.type=JKS
ssl.truststore.password=12345
ssl.client.auth=required
security.inter.broker.protocol=SSL
ssl.endpoint.identification.algorithm=
```

When I try to run the Kafka server, it shuts down with the error below. Can anyone please help me out with this issue?

Error:

```
[2021-06-18 00:56:13,674] ERROR [KafkaServer id=0] Fatal error during KafkaServer startup. Prepare to shutdown (kafka.server.KafkaServer)
org.apache.kafka.common.KafkaException: org.apache.kafka.common.config.ConfigException: Invalid value javax.net.ssl.SSLHandshakeException: no cipher suites in common for configuration A client SSLEngine created with the provided settings can't connect to a server SSLEngine created with those settings.
at org.apache.kafka.common.network.SslChannelBuilder.configure(SslChannelBuilder.java:74)
at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:157)
at org.apache.kafka.common.network.ChannelBuilders.serverChannelBuilder(ChannelBuilders.java:97)
at kafka.network.Processor.<init>(SocketServer.scala:780)
at kafka.network.SocketServer.newProcessor(SocketServer.scala:406)
at kafka.network.SocketServer.$anonfun$addDataPlaneProcessors$1(SocketServer.scala:285)
at kafka.network.SocketServer.addDataPlaneProcessors(SocketServer.scala:284)
at kafka.network.SocketServer.$anonfun$createDataPlaneAcceptorsAndProcessors$1(SocketServer.scala:251)
at kafka.network.SocketServer.$anonfun$createDataPlaneAcceptorsAndProcessors$1$adapted(SocketServer.scala:248)
at scala.collection.IterableOnceOps.foreach(IterableOnce.scala:553)
at scala.collection.IterableOnceOps.foreach$(IterableOnce.scala:551)
at scala.collection.AbstractIterable.foreach(Iterable.scala:920)
at kafka.network.SocketServer.createDataPlaneAcceptorsAndProcessors(SocketServer.scala:248)
at kafka.network.SocketServer.startup(SocketServer.scala:122)
at kafka.server.KafkaServer.startup(KafkaServer.scala:286)
at kafka.server.KafkaServerStartable.startup(KafkaServerStartable.scala:44)
at kafka.Kafka$.main(Kafka.scala:82)
at kafka.Kafka.main(Kafka.scala)
Caused by: org.apache.kafka.common.config.ConfigException: Invalid value javax.net.ssl.SSLHandshakeException: no cipher suites in common for configuration A client SSLEngine created with the provided settings can't connect to a server SSLEngine created with those settings.
at org.apache.kafka.common.security.ssl.SslFactory.configure(SslFactory.java:98)
at org.apache.kafka.common.network.SslChannelBuilder.configure(SslChannelBuilder.java:72)
... 17 more
```