Data Replication


SSL error: Certificate unknown

  • 1.  SSL error: Certificate unknown

    Posted Mon June 08, 2020 05:42 AM
    Edited by Learner Cognos Mon June 08, 2020 06:27 AM
    Hi, 

    I want to enable SSL between CDC for Kafka and Kafka on AWS cloud, but the CDC instance is running with problems and receives the following error:

    Agent Reader, READ: TLSv1.2 Alert, length = 2
    Agent Reader, RECV TLSv1.2 ALERT:  fatal, certificate_unknown
    %% Invalidated:  [Session-1, SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384]
    Agent Reader, called closeSocket()
    Agent Reader, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown

    The keystore and truststore are provided by another party, so I am not sure how they are generated. And the certificates are not expired.
    I found that
    (a) the certificates in keystore do not exist in truststore
    (b) the DNSName in keystore is different from the bootstrap server name in Kafkaproducer.properties, and I cannot ping it (hostname, not ip) from CDC server.
    Is it normal?

    The keystore is like:
    Your keystore contains 1 entry
    Alias name: XXX
    Creation date: May XX, 2020
    Entry type: keyEntry
    Certificate chain length: 2
    Certificate[1]:
    Owner: CN= (Kafka producer hostname on cloud)
    ...
    SubjectAlternativeName [
    [DNSName: (Kafka producer hostname on cloud) - same as CN]]
    Certificate[2]:
    ....

    And it is weird that the data is able to be replicated. Why?

    Any input would be appreciated!
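
An added example, not part of the original posts and not the poster's or IBM's code: an offline version of the two checks listed in post 1, run over `keytool -list -v` text. The dumps, hostnames and CA names are constructed, and the trust check compares distinguished names only (no signature verification), assuming the truststore passed in belongs to the side that validates the chain.

```python
import re

# Constructed sample: trimmed `keytool -list -v` output for a client keystore.
KEYSTORE_DUMP = """\
Entry type: PrivateKeyEntry
Certificate[1]:
Owner: CN=producer.example.internal
Issuer: CN=Example Issuing CA
SubjectAlternativeName [
  DNSName: producer.example.internal
]
Certificate[2]:
Owner: CN=Example Issuing CA
Issuer: CN=Example Root CA
"""

# Constructed sample: truststore of the side that must validate that chain.
TRUSTSTORE_DUMP = """\
Entry type: trustedCertEntry
Owner: CN=Unrelated Root CA
Issuer: CN=Unrelated Root CA
"""

def parse_certs(dump):
    """Return one dict per certificate: owner, issuer, list of SAN DNS names."""
    certs = []
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("Owner:"):
            certs.append({"owner": line[6:].strip(), "issuer": None, "dns": []})
        elif line.startswith("Issuer:") and certs:
            certs[-1]["issuer"] = line[7:].strip()
        elif certs and (m := re.match(r"\[?DNSName:\s*([^\]\s]+)", line)):
            certs[-1]["dns"].append(m.group(1).lower())
    return certs

def chain_is_anchored(chain, trusted):
    """Heuristic by DN only: some chain cert, or its issuer, is a trusted owner."""
    anchors = {c["owner"] for c in trusted}
    return any(c["owner"] in anchors or c["issuer"] in anchors for c in chain)

def host_matches(host, dns_names):
    """Match a hostname against SAN entries, allowing a left-most '*' label."""
    host = host.lower().rstrip(".")
    parent = host.partition(".")[2]
    return any(n == host or (n.startswith("*.") and n[2:] == parent)
               for n in dns_names)
```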


  • 2.  RE: SSL error: Certificate unknown

    Posted Tue June 23, 2020 05:41 PM

    Perhaps this guide might help:

    https://www.ibm.com/support/pages/configuring-cdc-replication-engine-kafka-use-ssl-security



    ------------------------------
    Glenn Steffler
    ------------------------------