0
votes

I am using Bouncy Castle (BC) with the RSA algorithm in one of my .NET projects. I have created a root certificate (root.crt) using BC, and I have also created a certificate (server.crt) signed by root.crt using BC.

Using keytool, I have added server.crt to the keystore (server.keystore.jks) and root.crt to the truststore (server.truststore.jks). Please find below the commands used for pushing these certificates to their respective stores.

Importing Server.crt to server.keystore.jks:

keytool -keystore server.keystore.jks -validity 365 -genkey -keyalg RSA -storetype pkcs12

keytool -keystore server.keystore.jks -import -file Server.crt

Importing root.crt to server.truststore.jks:

keytool -keystore server.truststore.jks -alias CARoot -import -file root.crt

Now, I am referring to the physical paths of these 2 stores in the Kafka server.properties file as below.

server.properties file:

ssl.keystore.location=C:\\kafka\\security\\server.keystore.jks
ssl.keystore.type=pkcs12
ssl.keystore.password=12345
ssl.key.password=12345
ssl.truststore.location=C:\\kafka\\security\\server.truststore.jks
ssl.truststore.type=JKS
ssl.truststore.password=12345
ssl.client.auth=required
security.inter.broker.protocol=SSL
ssl.endpoint.identification.algorithm=

When I try to run the Kafka server, it shuts down with the below error. Can anyone please help me out with this issue?

Error:

[2021-06-18 00:56:13,674] ERROR [KafkaServer id=0] Fatal error during KafkaServer startup. Prepare to shutdown (kafka.server.KafkaServer)
org.apache.kafka.common.KafkaException: org.apache.kafka.common.config.ConfigException: Invalid value javax.net.ssl.SSLHandshakeException: no cipher suites in common for configuration A client SSLEngine created with the provided settings can't connect to a server SSLEngine created with those settings.
        at org.apache.kafka.common.network.SslChannelBuilder.configure(SslChannelBuilder.java:74)
        at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:157)
        at org.apache.kafka.common.network.ChannelBuilders.serverChannelBuilder(ChannelBuilders.java:97)
        at kafka.network.Processor.<init>(SocketServer.scala:780)
        at kafka.network.SocketServer.newProcessor(SocketServer.scala:406)
        at kafka.network.SocketServer.$anonfun$addDataPlaneProcessors$1(SocketServer.scala:285)
        at kafka.network.SocketServer.addDataPlaneProcessors(SocketServer.scala:284)
        at kafka.network.SocketServer.$anonfun$createDataPlaneAcceptorsAndProcessors$1(SocketServer.scala:251)
        at kafka.network.SocketServer.$anonfun$createDataPlaneAcceptorsAndProcessors$1$adapted(SocketServer.scala:248)
        at scala.collection.IterableOnceOps.foreach(IterableOnce.scala:553)
        at scala.collection.IterableOnceOps.foreach$(IterableOnce.scala:551)
        at scala.collection.AbstractIterable.foreach(Iterable.scala:920)
        at kafka.network.SocketServer.createDataPlaneAcceptorsAndProcessors(SocketServer.scala:248)
        at kafka.network.SocketServer.startup(SocketServer.scala:122)
        at kafka.server.KafkaServer.startup(KafkaServer.scala:286)
        at kafka.server.KafkaServerStartable.startup(KafkaServerStartable.scala:44)
        at kafka.Kafka$.main(Kafka.scala:82)
        at kafka.Kafka.main(Kafka.scala)
Caused by: org.apache.kafka.common.config.ConfigException: Invalid value javax.net.ssl.SSLHandshakeException: no cipher suites in common for configuration A client SSLEngine created with the provided settings can't connect to a server SSLEngine created with those settings.
        at org.apache.kafka.common.security.ssl.SslFactory.configure(SslFactory.java:98)
        at org.apache.kafka.common.network.SslChannelBuilder.configure(SslChannelBuilder.java:72)
        ... 17 more

I am not sure if it is on purpose, but your keystore was created with JKS and not like keystore.p12 for storetype pkcs12. Not sure if it should cause you any of the related troubles; it does not seem related much. – Ran Lupovich
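The error text itself says where it comes from: Kafka's SslFactory runs a startup self-test in which a client SSLEngine handshakes with a server SSLEngine built from the broker's own settings, and "no cipher suites in common" is what JSSE reports when the server side has no usable identity to offer. A common cause is a keystore in which the broker's certificate was imported as a trusted-certificate entry, or attached to a private key it does not belong to (the keytool sequence in the question generates one key pair with -genkey and then imports Server.crt, whose key pair was generated separately by Bouncy Castle). The program below is an added example, not code from the question or from Kafka: it opens the keystore and truststore with the paths, types and passwords from the question's server.properties (change them for your environment) and reports, for each entry, whether it is a key entry, whether its private key actually matches its certificate, and whether its chain ends at a certificate in the truststore. Those are the three conditions the broker needs to satisfy before the handshake self-test can pick any RSA or ECDSA cipher suite.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.Key;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Enumeration;
import java.util.List;

// Added example (not from the question or from Kafka): inspects a broker's
// keystore/truststore pair the way the TLS stack will use them.
// Paths, passwords and store types below are copied from the question's
// server.properties; adjust them for your environment.
public class KafkaStoreCheck {
    static final String KEYSTORE = "C:\\kafka\\security\\server.keystore.jks";
    static final String KEYSTORE_TYPE = "pkcs12";
    static final char[] KEYSTORE_PASS = "12345".toCharArray();
    static final char[] KEY_PASS = "12345".toCharArray();          // ssl.key.password
    static final String TRUSTSTORE = "C:\\kafka\\security\\server.truststore.jks";
    static final String TRUSTSTORE_TYPE = "JKS";
    static final char[] TRUSTSTORE_PASS = "12345".toCharArray();

    public static void main(String[] args) throws Exception {
        KeyStore ks = load(KEYSTORE, KEYSTORE_TYPE, KEYSTORE_PASS);
        KeyStore ts = load(TRUSTSTORE, TRUSTSTORE_TYPE, TRUSTSTORE_PASS);
        List<X509Certificate> anchors = trustAnchors(ts);
        System.out.println("Truststore holds " + anchors.size() + " trusted certificate(s)");

        boolean usableIdentity = false;
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            if (!ks.isKeyEntry(alias)) {
                // A certificate-only entry cannot be the broker's identity: the TLS
                // server needs the private key, not just the public certificate.
                System.out.println(alias + ": trusted-certificate entry only, not usable as server identity");
                continue;
            }
            Key k = ks.getKey(alias, KEY_PASS);
            if (!(k instanceof PrivateKey)) {
                continue; // secret-key entries are irrelevant to TLS identity
            }
            Certificate[] chain = ks.getCertificateChain(alias);
            X509Certificate leaf = (X509Certificate) chain[0];
            boolean matches = keyMatchesCertificate((PrivateKey) k, leaf);
            boolean trusted = chainsToAnchor(chain, anchors);
            System.out.printf("%s: subject=%s, key matches cert=%b, chains to truststore=%b%n",
                    alias, leaf.getSubjectX500Principal(), matches, trusted);
            usableIdentity |= matches && trusted;
        }
        if (!usableIdentity) {
            System.out.println("No key entry with a matching certificate that the truststore accepts: "
                    + "the broker cannot present an identity, so no cipher suite can be agreed.");
        }
    }

    static KeyStore load(String path, String type, char[] password) throws Exception {
        KeyStore store = KeyStore.getInstance(type);
        try (InputStream in = new FileInputStream(path)) {
            store.load(in, password); // throws if the file is not really of this store type
        }
        return store;
    }

    static List<X509Certificate> trustAnchors(KeyStore ts) throws Exception {
        List<X509Certificate> anchors = new ArrayList<>();
        for (Enumeration<String> e = ts.aliases(); e.hasMoreElements();) {
            Certificate c = ts.getCertificate(e.nextElement());
            if (c instanceof X509Certificate) {
                anchors.add((X509Certificate) c);
            }
        }
        return anchors;
    }

    // Sign a fixed challenge with the private key and verify it with the certificate's
    // public key; this succeeds only if both halves belong to the same key pair.
    static boolean keyMatchesCertificate(PrivateKey key, X509Certificate cert) {
        try {
            String alg = "EC".equals(key.getAlgorithm()) ? "SHA256withECDSA" : "SHA256withRSA";
            byte[] challenge = "keystore-consistency-check".getBytes(StandardCharsets.UTF_8);
            Signature signer = Signature.getInstance(alg);
            signer.initSign(key);
            signer.update(challenge);
            byte[] sig = signer.sign();
            Signature verifier = Signature.getInstance(alg);
            verifier.initVerify(cert.getPublicKey());
            verifier.update(challenge);
            return verifier.verify(sig);
        } catch (Exception ex) {
            return false;
        }
    }

    // True if the top of the chain is itself a trust anchor or was signed by one.
    static boolean chainsToAnchor(Certificate[] chain, List<X509Certificate> anchors) {
        X509Certificate top = (X509Certificate) chain[chain.length - 1];
        for (X509Certificate anchor : anchors) {
            if (top.equals(anchor)) {
                return true;
            }
            try {
                top.verify(anchor.getPublicKey());
                return true;
            } catch (Exception ex) {
                // not signed by this anchor; try the next one
            }
        }
        return false;
    }
}
```

Run it with the broker's own JDK (java KafkaStoreCheck.java works on JDK 11+). Two outcomes map directly onto the thread: if load() itself throws for the keystore, the file on disk is not in the format that ssl.keystore.type claims, which is the JKS-versus-pkcs12 mismatch the comment above raises; if loading succeeds but every entry prints either "trusted-certificate entry only" or "key matches cert=false", the store contains the server certificate without the private key that Bouncy Castle generated for it, and the fix is to export that key together with the certificate chain into a single PKCS#12 key entry rather than importing the bare .crt next to a freshly generated, unrelated key pair.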