SpringBoot 连接kafka ssl 报 CertificateException: No subject alternative names present 异常解决
2024-10-20 00:32:54
当使用较新版本SpringBoot时,对应的 kafka-client 版本也比较新,如果使用了 2.x 以上的 kafka-client ,并且配置了 kafka ssl 连接方式时,可能会报如下异常:
javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack? ..... org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem ..... Caused by: java.security.cert.CertificateException: No subject alternative names present ..... 2019-10-09 10:12:55.683 DEBUG 23524 --- [ main] o.s.kafka.core.KafkaTemplate : Failed to send: ProducerRecord .....
该原因是因为新版本 kafka-client 会校验证书的主机名,配置忽略主机名校验即可。
配置方法主要代码如下:
spring:
kafka:
properties:
ssl:
endpoint:
identification:
algorithm: ''
另附SpringBoot 使用 ssl 证书连接 kafka 完整配置如下:
########## kafka ##########
spring:
kafka:
producer:
batch-size: 16384
retries: 1
buffer-memory: 33554432
bootstrap-servers: 192.168.1.100:9092
value-serializer: org.apache.kafka.common.serialization.StringSerializer
key-serializer: org.apache.kafka.common.serialization.StringSerializer
consumer:
group-id: test-group-001
auto-offset-reset: earliest
auto-commit-interval: 100
bootstrap-servers: 192.168.1.100:9092
value-deserializer: org.apache.kafka.common.serialization.StringDeserializer
key-deserializer: org.apache.kafka.common.serialization.StringDeserializer
enable-auto-commit: true
ssl:
protocol: SSL
trust-store-type: JKS
trust-store-location: file:D:/source-files/kafka/kafkatest.client.truststore.test.jks
trust-store-password: 123456
key-store-type: JKS
key-store-location: file:D:/source-files/kafka/kafkatest.client.keystore.test.jks
key-store-password: 123456
key-password: 123456
properties:
ssl:
endpoint:
identification:
algorithm: ''
security:
protocol: SSL
问题解决。
最新文章
- C#设计模式(2)——简单工厂模式
- 【整理】Word OpenXML常用标签
- PHP就业班心得:PHP的基本含义与功能特点
- phalcon: 当删除循环删除一组数据,需要判断影响的行affectedRows
- MyBatis实体类映射文件模板
- *[topcoder]ChooseTheBestOne
- ASP.NET MVC 使用Echarts
- yii 权限分级式访问控制的实现(非RBAC法)——已验证
- Caesar cipher
- 转:Excel转换XML工具<;一>;
- Android 音频管理器AudioManager
- 【转载】Retina屏的移动设备如何实现真正1px的线?
- python导入模块时的执行顺序
- 数据结构基础(2) --顺序查找 &; 二分查找
- Reinforcement Learning: An Introduction读书笔记(1)--Introduction
- LeetCode算法题-First Unique Character in a String(Java实现)
- H5 18-序选择器
- 分布式监控系统Zabbix--完整安装记录 -添加web页面监控
- PHP中cookie思维导图
- JS 在 IE9 中出现奇怪的错误(参数是必选项 argument not optional)