Hi,
I want to enable SSL between CDC for Kafka and Kafka on AWS cloud, but the CDC instance is running with a problem and receives the following error:
Agent Reader, READ: TLSv1.2 Alert, length = 2
Agent Reader, RECV TLSv1.2 ALERT: fatal, certificate_unknown
%% Invalidated: [Session-1, SSL_ECDHE_RSA_WITH_AES_256_CBC_SHA384]
Agent Reader, called closeSocket()
Agent Reader, handling exception: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
The keystore and truststore are provided by another party, so I am not sure how they are generated. And the certificates are not expired.
I found that:
(a) the certificates in the keystore do not exist in the truststore;
(b) the DNSName in the keystore is different from the bootstrap server name in Kafkaproducer.properties, and I cannot ping it (hostname, not IP) from the CDC server.
Is it normal?
The keystore is like:
Your keystore contains 1 entry
Alias name: XXX
Creation date: May XX, 2020
Entry type: keyEntry
Certificate chain length: 2
Certificate[1]:
Owner: CN= (Kafka producer hostname on cloud)
...
SubjectAlternativeName [
[DNSName: (Kafka producer hostname on cloud) - same as CN]]
Certificate[2]:
....
And it is weird that the data can be replicated anyway. Why?
Any input would be appreciated!
#DataReplication#DataIntegration
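Added example, not part of the post above: a small Python decoder for the two-byte TLS alert record that the CDC log reports ("TLSv1.2 Alert, length = 2" followed by "fatal, certificate_unknown"), so the level and description can be read directly off the raw record. The sample bytes are constructed to match that log line; the direction note follows the log's RECV prefix, meaning the alert was sent by the peer (the broker).

```python
"""Decode a TLS alert record (RFC 5246 section 7.2) such as the one in the CDC log."""
import struct

CONTENT_TYPE_ALERT = 21          # record-layer content type for alerts (0x15)
ALERT_LEVELS = {1: "warning", 2: "fatal"}
ALERT_DESCRIPTIONS = {
    0: "close_notify", 10: "unexpected_message", 20: "bad_record_mac",
    40: "handshake_failure", 42: "bad_certificate", 43: "unsupported_certificate",
    44: "certificate_revoked", 45: "certificate_expired", 46: "certificate_unknown",
    47: "illegal_parameter", 48: "unknown_ca", 49: "access_denied",
    51: "decrypt_error", 70: "protocol_version", 80: "internal_error",
    112: "unrecognized_name",
}
TLS_VERSIONS = {0x0301: "TLSv1.0", 0x0302: "TLSv1.1", 0x0303: "TLSv1.2"}


def parse_alert_record(data: bytes) -> dict:
    """Parse one TLS record and return its version, alert level and description."""
    if len(data) < 5:
        raise ValueError("truncated TLS record header")
    # Record header: content type (1 byte), version (2 bytes), body length (2 bytes).
    content_type, version, length = struct.unpack("!BHH", data[:5])
    if content_type != CONTENT_TYPE_ALERT:
        raise ValueError(f"not an alert record (content type {content_type})")
    if length != 2 or len(data) < 7:
        raise ValueError(f"alert body must be 2 bytes, record says {length}")
    level, description = data[5], data[6]
    return {
        "version": TLS_VERSIONS.get(version, hex(version)),
        "level": ALERT_LEVELS.get(level, str(level)),
        "description": ALERT_DESCRIPTIONS.get(description, str(description)),
    }


def who_rejected(direction: str) -> str:
    """Map the log's SEND/RECV prefix to which side produced the alert."""
    if direction.upper() == "RECV":
        return "peer (Kafka broker) sent the alert: it could not validate the certificate it was shown"
    return "this side (CDC client) sent the alert: it could not validate the broker certificate"


# Constructed sample: alert record, TLSv1.2, length 2, level fatal (2), certificate_unknown (46).
SAMPLE_ALERT = bytes([0x15, 0x03, 0x03, 0x00, 0x02, 0x02, 0x2E])

if __name__ == "__main__":
    info = parse_alert_record(SAMPLE_ALERT)
    print(f"{info['version']} ALERT: {info['level']}, {info['description']}")
    print(who_rejected("RECV"))
```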