![]() ![]() This will set the client property to null. ![]() You can avoid this by unchecking the 'Validate SSL endpoint hostname' checkbox in the 'Broker security' section. If the SAN(s) in your server certificate do not match the actual hostname of the brokers you are connecting to, you will receive an SSL error (No subject alternative DNS name matching xxx found) To enter the password for this truststore. Issued by a public CA, you need to point to a local truststore that contains the self signed root certificate that signed your brokers certificate. Unless your Kafka brokers are using a server certificate If your Kafka cluster is configured to use SSL you may need to set various SSL configuration parameters. This property can be entered in the 'SASL Mechanism' text field under the 'Advanced' section. If you are using SASL Plaintext you typically must change the chanism client property to PLAIN. If you do not pass the JAAS config file at the startup of Offset Explorer, you must specify it under the JAAS Config tab for each connection. /Applications/Offset Explorer.app/Contents/java/appīefore that, you must configure the provided client_nf file to match your Kafka cluster configuration.On MacOS you need to start Offset Explorer using offsetexplorer.sh located in the following folder On Linux you need to start Offset Explorer as follows offsetexplorer.exe .config=c:/client_nf.On Windows you need to start Offset Explorer as follows The exact contents of the JAAS file depend on the configuration of your cluster, please refer to the Kafka documentation. If your cluster is configured for SASL (plaintext or SSL) you must either specify the JAAS config in the UI or pass in your JAAS config file to Offset Explorer when you start it. To test that your connection is working properly or Add to add the server connection without testing it first. If your cluster is configured for plaintext security (typically in test environments only) you do not need to configure any additional security attributes. Notice that if you do not provide the Zookeeper host/port values, some features in Offset Explorer may not be available. This can happen if you have configured support for multiple protocols in your cluster. The correct broker hosts/ports cannot be determined from the data in the Zookeeper.In this case you need to leave the Zookeeper host/port fields blank. You have no access to the Zookeeper host in your cluster due to security, firewall or other reasons.In some cases you must enter values in the 'Bootstrap servers' field in order to be able to connect to your Kafka cluster: The defalit value is correct in most cases. chroot path - path where the kafka cluster data appears in Zookeeper.Zookeeper Port - port of the zookeeper host.Zookeeper Host - hostname or IP address of the zookeeper host in the cluster.Cluster Name - name you want to give the cluster you're connecting to. ![]() In the 'Add Cluster' dialog you must provide the following values under the General-section This can be done using the 'Add Cluster' toolbar button or the 'Add New Connection' menu item in the File-menu. I woul apprecciate any hints regarding this topic.In order to view data in your Kafka cluster you must first create a connection to it. I can exclude the used alias and the used password as the reason. I have absolutely no explaination for this, and found no information on the internet. Image: debugging PrivateKeyEntry constructor call With debugging i can see, that the constructor of PrivateKeyEntry is called with the chain argument nulled: : invalid null inputĪt $PrivateKeyEntry.(KeyStore.java:524) ~Īt 12KeyStore.engineGetEntry(PKCS12KeyStore.java:1311) ~Īt (KeyStore.java:1521) ~ Instance.getCertificateChain(alias) => returns nullįinal KeyStore.ProtectionParameter param = new KeyStore.PasswordProtection( password ) įinal KeyStore.PrivateKeyEntry privateKeyEntry = (KeyStore.PrivateKeyEntry) instance.getEntry( alias, param ) Instance.getKey(alias, password) => returns Key Instance.load( new ByteArrayInputStream( bytes ), password ) This is my code: final KeyStore instance = KeyStore.getInstance( "pkcs12" ) When i load it into a java KeyStore, i am able to access the Key, but the certificate chain is null. I am able to load this PKCS12 file with KSE again, and the keypair as well as the certificate chain is there. I exported a client-ssl-certificate KeyPair with certificate chain as PKCS12 file keystore explorer. ![]()
0 Comments
Leave a Reply. |