SSL handshake failed

Question

SSL handshake failed

ckvtvm-arch opened this issue 4 years ago · 13 comments

I followed the instruction from https://developers.redhat.com/products/amq/hello-world-amq-streams-openshift#start_sending_and_receiving_from_a_topic for testing my new kafka cluster created out of CRC.

Message History

RouteId ProcessorId Processor Elapsed (ms)
[producer-route ] [producer-route ] [timer://foo?period=1000 ] [ 842]
[producer-route ] [route-setBody ] [setBody[simple{Hello World from camel-context.xml with ID ${id}}] ] [ 0]
[producer-route ] [_kafka1 ] [kafka:my-topic?securityProtocol=SSL&sslTruststoreLocation=src/main/resources/k] [ 842]

Stacktrace

org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:369)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:312)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:307)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:654)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1267)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1254)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:691)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1199)
at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:402)
at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:484)
at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:340)
at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:265)
at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:170)
at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:547)
at org.apache.kafka.common.network.Selector.poll(Selector.java:483)
at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:540)
at org.apache.kafka.clients.producer.internals.Sender.runOnce(Sender.java:335)
at org.apache.kafka.clients.producer.internals.Sender.run(Sender.java:244)
at java.base/java.lang.Thread.run(Thread.java:832)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
at java.base/sun.security.validator.Validator.validate(Validator.java:264)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:632)
... 19 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
... 24 common frames omitted
16:59:30.742 [Camel (MyCamel) thread #2 - timer://foo] WARN o.a.c.component.timer.TimerConsumer - Error processing exchange. Exchange[ID-LC02CHB58MD6R-US-AD-WELLPOINT-COM-1607460881145-0-153]. Caused by: [org.apache.kafka.common.errors.SslAuthenticationException - SSL handshake failed]
org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:369)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:312)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:307)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:654)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1267)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1254)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:691)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1199)
at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:402)
at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:484)
at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:340)
at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:265)
at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:170)
at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:547)
at org.apache.kafka.common.network.Selector.poll(Selector.java:483)
at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:540)
at org.apache.kafka.clients.producer.internals.Sender.runOnce(Sender.java:335)
at org.apache.kafka.clients.producer.internals.Sender.run(Sender.java:244)
at java.base/java.lang.Thread.run(Thread.java:832)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
at java.base/sun.security.validator.Validator.validate(Validator.java:264)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:632)
... 19 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
... 24 common frames omitted
16:59:31.629 [kafka-producer-network-thread | producer-1] INFO o.a.kafka.common.network.Selector - [Producer clientId=producer-1] Failed authentication with localhost/127.0.0.1 (SSL handshake failed)
16:59:31.629 [kafka-producer-network-thread | producer-1] ERROR o.apache.kafka.clients.NetworkClient - [Producer clientId=producer-1] Connection to node -1 (localhost/127.0.0.1:443) failed authentication due to: SSL handshake failed
16:59:31.630 [Camel (MyCamel) thread #2 - timer://foo] ERROR o.a.c.processor.DefaultErrorHandler - Failed delivery for (MessageId: ID-LC02CHB58MD6R-US-AD-WELLPOINT-COM-1607460881145-0-156 on ExchangeId: ID-LC02CHB58MD6R-US-AD-WELLPOINT-COM-1607460881145-0-155). Exhausted after delivery attempt: 1 caught: org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed

Answer 1 · 2020-12-08T23:35:38.000Z

Hi @ckvtvm-arch

It looks like the cert was not added to the application. Can you confirm that there are two files under src/main/resources/ one named ca.crt and the other keystore.jks?

If the files exists, then run the following command: keytool -list -v -keystore src/main/resources/keystore.jks -alias root -storepass password this should return the information of the certificate.

It should be issued by the cluster-ca with the io.strimzi organization. If it is different, please post the output of the command.

Answer 2 · 2020-12-09T01:14:28.000Z

Yes, there are 2 files under resources as .jks and ca.crt. I have generated the keystore based on ca.cert.

but when i try to list the keystore, it is showing the message as not found ,, i am bit confused.

af71194@LC02CHB58MD6R resources % keytool -list -v -keystore src/main/resources/keystore.jks -alias root -storepass password
keytool error: java.lang.Exception: Keystore file does not exist: src/main/resources/keystore.jks
java.lang.Exception: Keystore file does not exist: src/main/resources/keystore.jks
at java.base/sun.security.tools.keytool.Main.doCommands(Main.java:916)
at java.base/sun.security.tools.keytool.Main.run(Main.java:422)
at java.base/sun.security.tools.keytool.Main.main(Main.java:415)
af71194@LC02CHB58MD6R resources %

Answer 3 · 2020-12-09T18:55:47.000Z

Can you check that you are in the correct folders and file structure? Perhaps using the full path for the files?

Answer 4 · 2020-12-09T19:49:01.000Z

sorry , here you go 👍🏻 af71194@LC02CHB58MD6R resources % keytool -list -v -keystore /Users/af71194/amq-examples/camel-kafka-demo/src/main/resources/keystore.jks -alias root -storepass password
Alias name: root
Creation date: Dec 9, 2020
Entry type: trustedCertEntry

Owner: CN=cluster-ca v0, O=io.strimzi
Issuer: CN=cluster-ca v0, O=io.strimzi
Serial number: f626fec5b1739e21
Valid from: Sat Dec 05 22:35:12 EST 2020 until: Sun Dec 05 22:35:12 EST 2021
Certificate fingerprints:
SHA1: 82:F5:27:F4:36:4A:4A:59:1C:7F:00:C4:C9:B4:0F:5E:11:6D:4B:6E
SHA256: 96:BF:A2:08:A4:06:82:D9:90:8D:BE:40:C3:86:87:DA:6D:17:09:9C:E4:BB:60:DE:B6:88:4C:EF:B3:CB:D8:D2
Signature algorithm name: SHA256withRSA
Subject Public Key Algorithm: 2048-bit RSA key
Version: 3

Extensions:

#1: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: 5C 98 FC D8 25 08 EF 05 42 39 7B 28 1E 59 3F B2 ...%...B9.(.Y?.
0010: 5F 03 CE 4A _..J
]
]

#2: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
CA:true
PathLen:2147483647
]

#3: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: 5C 98 FC D8 25 08 EF 05 42 39 7B 28 1E 59 3F B2 ...%...B9.(.Y?.
0010: 5F 03 CE 4A _..J
]
]

Answer 5 · 2020-12-09T20:16:50.000Z

The cert and hence, the keystore looks good. My guess is the path issue. Can you try to run again but this time from the folder /Users/af71194/amq-examples/camel-kafka-demo/ ?

If that doesn't work then we can use the full path in the code here src/main/resources/spring/camel-context.xml.

Answer 6 · 2020-12-09T23:05:54.000Z

I changed the camel context and it started working. but i have below issue now.
16:58:29.281 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka version: 2.4.0.redhat-00005
16:58:29.281 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka commitId: bc61f1c575849a1e
16:58:29.282 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka startTimeMs: 1607551109281
16:58:29.283 [Camel (MyCamel) thread #1 - KafkaConsumer[my-topic]] INFO o.a.c.component.kafka.KafkaConsumer - Subscribing my-topic-Thread 0 to topic my-topic
16:58:29.284 [Camel (MyCamel) thread #1 - KafkaConsumer[my-topic]] INFO o.a.k.clients.consumer.KafkaConsumer - [Consumer clientId=consumer-94ac59eb-d9b2-4317-8e2c-541e06700077-1, groupId=94ac59eb-d9b2-4317-8e2c-541e06700077] Subscribed to topic(s): my-topic
16:58:29.283 [main] INFO o.a.camel.spring.SpringCamelContext - Route: consumer-route started and consuming from: kafka://my-topic?securityProtocol=SSL&sslTruststoreLocation=%2FUsers%2Faf71194%2FDocuments%2FGitHub%2Famq-examples%2Fcamel-kafka-demo%2Fsrc%2Fmain%2Fresources%2Fkeystore.jks&sslTruststorePassword=xxxxxx
16:58:29.286 [main] INFO o.a.camel.spring.SpringCamelContext - Route: producer-route started and consuming from: timer://foo?period=1000
16:58:29.287 [main] INFO o.a.camel.spring.SpringCamelContext - Total 2 routes, of which 2 are started
16:58:29.288 [main] INFO o.a.camel.spring.SpringCamelContext - Apache Camel 2.21.0.fuse-760027-redhat-00001 (CamelContext: MyCamel) started in 0.944 seconds
16:58:29.289 [main] INFO o.a.coyote.http11.Http11NioProtocol - Starting ProtocolHandler ["http-nio-0.0.0.0-8081"]
16:58:29.294 [main] INFO o.a.tomcat.util.net.NioSelectorPool - Using a shared selector for servlet write/read
16:58:29.303 [main] INFO o.s.b.c.e.t.TomcatEmbeddedServletContainer - Tomcat started on port(s): 8081 (http)
16:58:29.308 [main] INFO o.s.c.s.DefaultLifecycleProcessor - Starting beans in phase 0
16:58:29.315 [main] INFO o.s.b.a.e.jmx.EndpointMBeanExporter - Located managed bean 'healthEndpoint': registering with JMX server as MBean [org.springframework.boot:type=Endpoint,name=healthEndpoint]
16:58:29.346 [main] INFO o.a.coyote.http11.Http11NioProtocol - Starting ProtocolHandler ["http-nio-0.0.0.0-8080"]
16:58:29.347 [main] INFO o.a.tomcat.util.net.NioSelectorPool - Using a shared selector for servlet write/read
16:58:29.348 [main] INFO o.s.b.c.e.t.TomcatEmbeddedServletContainer - Tomcat started on port(s): 8080 (http)
16:58:29.352 [main] INFO com.redhat.kafkademo.Application - Started Application in 6.7 seconds (JVM running for 7.254)
16:59:30.314 [Camel (MyCamel) thread #2 - timer://foo] ERROR o.a.c.processor.DefaultErrorHandler - Failed delivery for (MessageId: ID-LC02CHB58MD6R-US-AD-WELLPOINT-COM-1607551106456-0-2 on ExchangeId: ID-LC02CHB58MD6R-US-AD-WELLPOINT-COM-1607551106456-0-1). Exhausted after delivery attempt: 1 caught: org.apache.kafka.common.errors.TimeoutException: Topic my-topic not present in metadata after 60000 ms.

Message History

RouteId ProcessorId Processor Elapsed (ms)
[producer-route ] [producer-route ] [timer://foo?period=1000 ] [ 60016]
[producer-route ] [route-setBody ] [setBody[simple{Hello World from camel-context.xml with ID ${id}}] ] [ 5]
[producer-route ] [_kafka1 ] [kafka:my-topic?securityProtocol=SSL&sslTruststoreLocation=/Users/af71194/Docum] [ 60008]

Stacktrace

org.apache.kafka.common.errors.TimeoutException: Topic my-topic not present in metadata after 60000 ms.
16:59:30.330 [Camel (MyCamel) thread #2 - timer://foo] WARN o.a.c.component.timer.TimerConsumer - Error processing exchange. Exchange[ID-LC02CHB58MD6R-US-AD-WELLPOINT-COM-1607551106456-0-1]. Caused by: [org.apache.kafka.common.errors.TimeoutException - Topic my-topic not present in metadata after 60000 ms.]
org.apache.kafka.common.errors.TimeoutException: Topic my-topic not present in metadata after 60000 ms.
16:59:44.468 [kafka-producer-network-thread | producer-1] WARN o.apache.kafka.clients.NetworkClient - [Producer clientId=producer-1] Connection to node -1 (my-cluster-kafka-bootstrap-my-kafka-project.apps-crc.testing/92.242.140.2:443) could not be established. Broker may not be available.
16:59:44.570 [kafka-producer-network-thread | producer-1] WARN o.apache.kafka.clients.NetworkClient - [Producer clientId=producer-1] Error connecting to node my-cluster-kafka-bootstrap-my-kafka-project.apps-crc.testing:443 (id: -1 rack: null)
java.net.UnknownHostException: my-cluster-kafka-bootstrap-my-kafka-project.apps-crc.testing: nodename nor servname provided, or not known
at java.base/java.net.Inet6AddressImpl.lookupAllHostAddr(Native Method)
at java.base/java.net.InetAddress$PlatformNameService.lookupAllHostAddr(InetAddress.java:932)
at java.base/java.net.InetAddress.getAddressesFromNameService(InetAddress.java:1517)
at java.base/java.net.InetAddress$NameServiceAddresses.get(InetAddress.java:851)
at java.base/java.net.InetAddress.getAllByName0(InetAddress.java:1507)
at java.base/java.net.InetAddress.getAllByName(InetAddress.java:1366)
at java.base/java.net.InetAddress.getAllByName(InetAddress.java:1300)
at org.apache.kafka.clients.ClientUtils.resolve(ClientUtils.java:104)
at org.apache.kafka.clients.ClusterConnectionStates$NodeConnectionState.currentAddress(ClusterConnectionStates.java:403)
at org.apache.kafka.clients.ClusterConnectionStates$NodeConnectionState.access$200(ClusterConnectionStates.java:363)
at org.apache.kafka.clients.ClusterConnectionStates.currentAddress(ClusterConnectionStates.java:151)
at org.apache.kafka.clients.NetworkClient.initiateConnect(NetworkClient.java:955)
at org.apache.kafka.clients.NetworkClient.access$600(NetworkClient.java:69)
at org.apache.kafka.clients.NetworkClient$DefaultMetadataUpdater.maybeUpdate(NetworkClient.java:1126)
at org.apache.kafka.clients.NetworkClient$DefaultMetadataUpdater.maybeUpdate(NetworkClient.java:1017)
at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:538)
at org.apache.kafka.clients.producer.internals.Sender.runOnce(Sender.java:335)
at org.apache.kafka.clients.producer.internals.Sender.run(Sender.java:244)
at java.base/java.lang.Thread.run(Thread.java:832)

Answer 7 · 2020-12-10T00:53:34.000Z

will this is an integration issue with openshift cluster. even the openshift cluster in my organization have similar issue

Answer 8 · 2020-12-10T01:55:27.000Z

Also i am using a proxy and i am able to create the CRC router within my VPN . so i dont think that it could be a DNS issue

Answer 9 · 2020-12-10T02:04:38.000Z

Let me debug using javax.net.debug=ssl . my only issue is that the openshift cluster in my laptop goes down once i start running kafka

Answer 10 · 2020-12-10T05:55:13.000Z

I have tried all the below application properties:

javax.net.debug=ssl
enable.ssl.certificate.verification=false
ssl.endpoint.identification.algorithm=

00:26:36.854 [main] INFO com.redhat.kafkademo.Application - Starting Application on LC02CHB58MD6R.US.AD.WELLPOINT.COM with PID 79475 (/Users/af71194/Documents/GitHub/amq-examples/camel-kafka-demo/target/classes started by af71194 in /Users/af71194/Documents/GitHub/amq-examples/camel-kafka-demo)
00:26:36.855 [main] INFO com.redhat.kafkademo.Application - No active profile set, falling back to default profiles: default
00:26:36.908 [main] INFO o.s.b.c.e.AnnotationConfigEmbeddedWebApplicationContext - Refreshing org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@342c38f8: startup date [Thu Dec 10 00:26:36 EST 2020]; root of context hierarchy
00:26:37.196 [background-preinit] INFO o.h.validator.internal.util.Version - HV000001: Hibernate Validator 5.3.5.Final-redhat-2
00:26:37.429 [main] INFO o.s.b.f.xml.XmlBeanDefinitionReader - Loading XML bean definitions from class path resource [spring/camel-context.xml]
WARNING: An illegal reflective access operation has occurred
WARNING: Illegal reflective access by com.sun.xml.bind.v2.runtime.reflect.opt.Injector (file:/Users/af71194/.m2/repository/com/sun/xml/bind/jaxb-impl/2.3.0/jaxb-impl-2.3.0.jar) to method java.lang.ClassLoader.defineClass(java.lang.String,byte[],int,int)
WARNING: Please consider reporting this to the maintainers of com.sun.xml.bind.v2.runtime.reflect.opt.Injector
WARNING: Use --illegal-access=warn to enable warnings of further illegal reflective access operations
WARNING: All illegal access operations will be denied in a future release
00:26:38.816 [main] INFO o.s.c.s.PostProcessorRegistrationDelegate$BeanPostProcessorChecker - Bean 'org.apache.camel.spring.boot.CamelAutoConfiguration' of type [org.apache.camel.spring.boot.CamelAutoConfiguration$$EnhancerBySpringCGLIB$$c4fe35ff] is not eligible for getting processed by all BeanPostProcessors (for example: not eligible for auto-proxying)
00:26:39.189 [main] INFO o.s.b.c.e.t.TomcatEmbeddedServletContainer - Tomcat initialized with port(s): 8080 (http)
00:26:39.205 [main] INFO o.a.coyote.http11.Http11NioProtocol - Initializing ProtocolHandler ["http-nio-0.0.0.0-8080"]
00:26:39.210 [main] INFO o.a.catalina.core.StandardService - Starting service Tomcat
00:26:39.210 [main] INFO o.a.catalina.core.StandardEngine - Starting Servlet Engine: Apache Tomcat/8.0.36
00:26:39.303 [localhost-startStop-1] INFO o.a.c.c.C.[Tomcat].[localhost].[/] - Initializing Spring embedded WebApplicationContext
00:26:39.303 [localhost-startStop-1] INFO o.s.web.context.ContextLoader - Root WebApplicationContext: initialization completed in 2401 ms
00:26:39.549 [localhost-startStop-1] INFO o.s.b.w.s.ServletRegistrationBean - Mapping servlet: 'dispatcherServlet' to [/]
00:26:39.551 [localhost-startStop-1] INFO o.s.b.w.s.FilterRegistrationBean - Mapping filter: 'metricsFilter' to: [/]
00:26:39.551 [localhost-startStop-1] INFO o.s.b.w.s.FilterRegistrationBean - Mapping filter: 'characterEncodingFilter' to: [/]
00:26:39.551 [localhost-startStop-1] INFO o.s.b.w.s.FilterRegistrationBean - Mapping filter: 'hiddenHttpMethodFilter' to: [/]
00:26:39.551 [localhost-startStop-1] INFO o.s.b.w.s.FilterRegistrationBean - Mapping filter: 'httpPutFormContentFilter' to: [/]
00:26:39.551 [localhost-startStop-1] INFO o.s.b.w.s.FilterRegistrationBean - Mapping filter: 'requestContextFilter' to: [/]
00:26:39.551 [localhost-startStop-1] INFO o.s.b.w.s.FilterRegistrationBean - Mapping filter: 'webRequestLoggingFilter' to: [/]
00:26:39.551 [localhost-startStop-1] INFO o.s.b.w.s.FilterRegistrationBean - Mapping filter: 'applicationContextIdFilter' to: [/]
00:26:40.051 [main] INFO o.s.w.s.m.m.a.RequestMappingHandlerAdapter - Looking for @ControllerAdvice: org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@342c38f8: startup date [Thu Dec 10 00:26:36 EST 2020]; root of context hierarchy
00:26:40.098 [main] INFO o.s.w.s.m.m.a.RequestMappingHandlerMapping - Mapped "{[/error]}" onto public org.springframework.http.ResponseEntity<java.util.Map<java.lang.String, java.lang.Object>> org.springframework.boot.autoconfigure.web.BasicErrorController.error(javax.servlet.http.HttpServletRequest)
00:26:40.098 [main] INFO o.s.w.s.m.m.a.RequestMappingHandlerMapping - Mapped "{[/error],produces=[text/html]}" onto public org.springframework.web.servlet.ModelAndView org.springframework.boot.autoconfigure.web.BasicErrorController.errorHtml(javax.servlet.http.HttpServletRequest,javax.servlet.http.HttpServletResponse)
00:26:40.119 [main] INFO o.s.w.s.h.SimpleUrlHandlerMapping - Mapped URL path [/webjars/] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
00:26:40.119 [main] INFO o.s.w.s.h.SimpleUrlHandlerMapping - Mapped URL path [/] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
00:26:40.144 [main] INFO o.s.w.s.h.SimpleUrlHandlerMapping - Mapped URL path [//favicon.ico] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
00:26:40.206 [main] INFO o.a.c.i.c.DefaultTypeConverter - Type converters loaded (core: 194, classpath: 1)
00:26:40.765 [main] INFO o.s.j.e.a.AnnotationMBeanExporter - Registering beans for JMX exposure on startup
00:26:40.770 [main] INFO o.s.b.a.e.jmx.EndpointMBeanExporter - Registering beans for JMX exposure on startup
00:26:40.772 [main] INFO o.s.b.c.e.AnnotationConfigEmbeddedWebApplicationContext - Refreshing org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@5d2bc446: startup date [Thu Dec 10 00:26:40 EST 2020]; parent: org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@342c38f8
00:26:40.796 [main] INFO o.s.b.f.s.DefaultListableBeanFactory - Overriding bean definition for bean 'handlerExceptionResolver' with a different definition: replacing [Root bean: class [null]; scope=; abstract=false; lazyInit=false; autowireMode=3; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=org.springframework.web.servlet.config.annotation.DelegatingWebMvcConfiguration; factoryMethodName=handlerExceptionResolver; initMethodName=null; destroyMethodName=(inferred); defined in org.springframework.web.servlet.config.annotation.DelegatingWebMvcConfiguration] with [Root bean: class [null]; scope=; abstract=false; lazyInit=false; autowireMode=3; dependencyCheck=0; autowireCandidate=true; primary=false; factoryBeanName=endpointWebMvcChildContextConfiguration; factoryMethodName=compositeHandlerExceptionResolver; initMethodName=null; destroyMethodName=(inferred); defined in org.springframework.boot.actuate.autoconfigure.EndpointWebMvcChildContextConfiguration]
00:26:40.833 [main] INFO o.s.b.c.e.t.TomcatEmbeddedServletContainer - Tomcat initialized with port(s): 8081 (http)
00:26:40.834 [main] INFO o.a.coyote.http11.Http11NioProtocol - Initializing ProtocolHandler ["http-nio-0.0.0.0-8081"]
00:26:40.835 [main] INFO o.a.catalina.core.StandardService - Starting service Tomcat
00:26:40.835 [main] INFO o.a.catalina.core.StandardEngine - Starting Servlet Engine: Apache Tomcat/8.0.36
00:26:40.844 [localhost-startStop-1] INFO o.a.c.c.C.[Tomcat-1].[localhost].[/] - Initializing Spring embedded WebApplicationContext
00:26:40.844 [localhost-startStop-1] INFO o.s.web.context.ContextLoader - Root WebApplicationContext: initialization completed in 72 ms
00:26:40.846 [localhost-startStop-1] INFO o.s.b.w.s.ServletRegistrationBean - Mapping servlet: 'dispatcherServlet' to [/]
00:26:40.877 [main] INFO o.s.b.a.e.mvc.EndpointHandlerMapping - Mapped "{[/health || /health.json],methods=[GET],produces=[application/vnd.spring-boot.actuator.v1+json || application/json]}" onto public java.lang.Object org.springframework.boot.actuate.endpoint.mvc.HealthMvcEndpoint.invoke(javax.servlet.http.HttpServletRequest,java.security.Principal)
00:26:40.888 [main] INFO o.s.w.s.m.m.a.RequestMappingHandlerMapping - Mapped "{[/error]}" onto public java.util.Map<java.lang.String, java.lang.Object> org.springframework.boot.actuate.endpoint.mvc.ManagementErrorEndpoint.invoke()
00:26:40.893 [main] INFO o.s.w.s.h.SimpleUrlHandlerMapping - Mapped URL path [/webjars/] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
00:26:40.894 [main] INFO o.s.w.s.h.SimpleUrlHandlerMapping - Mapped URL path [/**] onto handler of type [class org.springframework.web.servlet.resource.ResourceHttpRequestHandler]
00:26:40.903 [main] INFO o.s.w.s.m.m.a.RequestMappingHandlerAdapter - Looking for @ControllerAdvice: org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@5d2bc446: startup date [Thu Dec 10 00:26:40 EST 2020]; parent: org.springframework.boot.context.embedded.AnnotationConfigEmbeddedWebApplicationContext@342c38f8
00:26:40.939 [main] INFO o.a.c.spring.boot.RoutesCollector - Loading additional Camel XML routes from: classpath:camel/.xml
00:26:40.939 [main] INFO o.a.c.spring.boot.RoutesCollector - Loading additional Camel XML rests from: classpath:camel-rest/*.xml
00:26:40.949 [main] INFO o.a.camel.spring.SpringCamelContext - Apache Camel 2.21.0.fuse-760027-redhat-00001 (CamelContext: MyCamel) is starting
00:26:40.950 [main] INFO o.a.c.m.ManagedManagementStrategy - JMX is enabled
00:26:41.109 [main] INFO o.a.camel.spring.SpringCamelContext - StreamCaching is not in use. If using streams then its recommended to enable stream caching. See more details at http://camel.apache.org/stream-caching.html
00:26:41.155 [main] INFO o.a.k.c.producer.ProducerConfig - ProducerConfig values:
acks = 1
batch.size = 16384
bootstrap.servers = [:443]
buffer.memory = 33554432
client.dns.lookup = default
client.id =
compression.type = none
connections.max.idle.ms = 540000
delivery.timeout.ms = 120000
enable.idempotence = false
interceptor.classes = []
key.serializer = class org.apache.kafka.common.serialization.StringSerializer
linger.ms = 0
max.block.ms = 60000
max.in.flight.requests.per.connection = 5
max.request.size = 1048576
metadata.max.age.ms = 300000
metric.reporters = []
metrics.num.samples = 2
metrics.recording.level = INFO
metrics.sample.window.ms = 30000
partitioner.class = class org.apache.kafka.clients.producer.internals.DefaultPartitioner
receive.buffer.bytes = 65536
reconnect.backoff.max.ms = 1000
reconnect.backoff.ms = 50
request.timeout.ms = 305000
retries = 0
retry.backoff.ms = 100
sasl.client.callback.handler.class = null
sasl.jaas.config = null
sasl.kerberos.kinit.cmd = /usr/bin/kinit
sasl.kerberos.min.time.before.relogin = 60000
sasl.kerberos.service.name = null
sasl.kerberos.ticket.renew.jitter = 0.05
sasl.kerberos.ticket.renew.window.factor = 0.8
sasl.login.callback.handler.class = null
sasl.login.class = null
sasl.login.refresh.buffer.seconds = 300
sasl.login.refresh.min.period.seconds = 60
sasl.login.refresh.window.factor = 0.8
sasl.login.refresh.window.jitter = 0.05
sasl.mechanism = GSSAPI
security.protocol = SSL
security.providers = null
send.buffer.bytes = 131072
ssl.cipher.suites = null
ssl.enabled.protocols = [TLSv1.2, TLSv1.1, TLSv1]
ssl.endpoint.identification.algorithm = https
ssl.key.password = null
ssl.keymanager.algorithm = SunX509
ssl.keystore.location = null
ssl.keystore.password = null
ssl.keystore.type = JKS
ssl.protocol = TLS
ssl.provider = null
ssl.secure.random.implementation = null
ssl.trustmanager.algorithm = PKIX
ssl.truststore.location = /Users/af71194/Documents/GitHub/amq-examples/camel-kafka-demo/src/main/resources/keystore.jks
ssl.truststore.password = [hidden]
ssl.truststore.type = JKS
transaction.timeout.ms = 60000
transactional.id = null
value.serializer = class org.apache.kafka.common.serialization.StringSerializer

00:26:41.175 [main] WARN o.a.k.clients.producer.KafkaProducer - [Producer clientId=producer-1] delivery.timeout.ms should be equal to or larger than linger.ms + request.timeout.ms. Setting it to 305000.
00:26:41.438 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka version: 2.4.0.redhat-00005
00:26:41.438 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka commitId: bc61f1c575849a1e
00:26:41.438 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka startTimeMs: 1607578001437
00:26:41.446 [main] INFO o.a.c.component.kafka.KafkaConsumer - Starting Kafka consumer on topic: my-topic with breakOnFirstError: false
00:26:41.453 [main] INFO o.a.k.c.consumer.ConsumerConfig - ConsumerConfig values:
allow.auto.create.topics = true
auto.commit.interval.ms = 5000
auto.offset.reset = latest
bootstrap.servers = [:443]
check.crcs = true
client.dns.lookup = default
client.id =
client.rack =
connections.max.idle.ms = 540000
default.api.timeout.ms = 60000
enable.auto.commit = true
exclude.internal.topics = true
fetch.max.bytes = 52428800
fetch.max.wait.ms = 500
fetch.min.bytes = 1
group.id = 9133bb4c-afdd-4596-8560-f9feeba549d1
group.instance.id = null
heartbeat.interval.ms = 3000
interceptor.classes = []
internal.leave.group.on.close = true
isolation.level = read_uncommitted
key.deserializer = class org.apache.kafka.common.serialization.StringDeserializer
max.partition.fetch.bytes = 1048576
max.poll.interval.ms = 300000
max.poll.records = 500
metadata.max.age.ms = 300000
metric.reporters = []
metrics.num.samples = 2
metrics.recording.level = INFO
metrics.sample.window.ms = 30000
partition.assignment.strategy = [org.apache.kafka.clients.consumer.RangeAssignor]
receive.buffer.bytes = 65536
reconnect.backoff.max.ms = 1000
reconnect.backoff.ms = 50
request.timeout.ms = 40000
retry.backoff.ms = 100
sasl.client.callback.handler.class = null
sasl.jaas.config = null
sasl.kerberos.kinit.cmd = /usr/bin/kinit
sasl.kerberos.min.time.before.relogin = 60000
sasl.kerberos.service.name = null
sasl.kerberos.ticket.renew.jitter = 0.05
sasl.kerberos.ticket.renew.window.factor = 0.8
sasl.login.callback.handler.class = null
sasl.login.class = null
sasl.login.refresh.buffer.seconds = 300
sasl.login.refresh.min.period.seconds = 60
sasl.login.refresh.window.factor = 0.8
sasl.login.refresh.window.jitter = 0.05
sasl.mechanism = GSSAPI
security.protocol = SSL
security.providers = null
send.buffer.bytes = 131072
session.timeout.ms = 10000
ssl.cipher.suites = null
ssl.enabled.protocols = [TLSv1.2, TLSv1.1, TLSv1]
ssl.endpoint.identification.algorithm = https
ssl.key.password = null
ssl.keymanager.algorithm = SunX509
ssl.keystore.location = null
ssl.keystore.password = null
ssl.keystore.type = JKS
ssl.protocol = TLS
ssl.provider = null
ssl.secure.random.implementation = null
ssl.trustmanager.algorithm = PKIX
ssl.truststore.location = /Users/af71194/Documents/GitHub/amq-examples/camel-kafka-demo/src/main/resources/keystore.jks
ssl.truststore.password = [hidden]
ssl.truststore.type = JKS
value.deserializer = class org.apache.kafka.common.serialization.StringDeserializer

00:26:41.550 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka version: 2.4.0.redhat-00005
00:26:41.550 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka commitId: bc61f1c575849a1e
00:26:41.550 [main] INFO o.a.kafka.common.utils.AppInfoParser - Kafka startTimeMs: 1607578001550
00:26:41.551 [Camel (MyCamel) thread #1 - KafkaConsumer[my-topic]] INFO o.a.c.component.kafka.KafkaConsumer - Subscribing my-topic-Thread 0 to topic my-topic
00:26:41.551 [Camel (MyCamel) thread #1 - KafkaConsumer[my-topic]] INFO o.a.k.clients.consumer.KafkaConsumer - [Consumer clientId=consumer-9133bb4c-afdd-4596-8560-f9feeba549d1-1, groupId=9133bb4c-afdd-4596-8560-f9feeba549d1] Subscribed to topic(s): my-topic
00:26:41.551 [main] INFO o.a.camel.spring.SpringCamelContext - Route: consumer-route started and consuming from: kafka://my-topic?securityProtocol=SSL&sslTruststoreLocation=%2FUsers%2Faf71194%2FDocuments%2FGitHub%2Famq-examples%2Fcamel-kafka-demo%2Fsrc%2Fmain%2Fresources%2Fkeystore.jks&sslTruststorePassword=xxxxxx
00:26:41.553 [main] INFO o.a.camel.spring.SpringCamelContext - Route: producer-route started and consuming from: timer://foo?period=1000
00:26:41.556 [main] INFO o.a.camel.spring.SpringCamelContext - Total 2 routes, of which 2 are started
00:26:41.557 [main] INFO o.a.camel.spring.SpringCamelContext - Apache Camel 2.21.0.fuse-760027-redhat-00001 (CamelContext: MyCamel) started in 0.607 seconds
00:26:41.557 [main] INFO o.a.coyote.http11.Http11NioProtocol - Starting ProtocolHandler ["http-nio-0.0.0.0-8081"]
00:26:41.560 [main] INFO o.a.tomcat.util.net.NioSelectorPool - Using a shared selector for servlet write/read
00:26:41.566 [main] INFO o.s.b.c.e.t.TomcatEmbeddedServletContainer - Tomcat started on port(s): 8081 (http)
00:26:41.570 [main] INFO o.s.c.s.DefaultLifecycleProcessor - Starting beans in phase 0
00:26:41.576 [main] INFO o.s.b.a.e.jmx.EndpointMBeanExporter - Located managed bean 'healthEndpoint': registering with JMX server as MBean [org.springframework.boot:type=Endpoint,name=healthEndpoint]
00:26:41.601 [main] INFO o.a.coyote.http11.Http11NioProtocol - Starting ProtocolHandler ["http-nio-0.0.0.0-8080"]
00:26:41.602 [main] INFO o.a.tomcat.util.net.NioSelectorPool - Using a shared selector for servlet write/read
00:26:41.603 [main] INFO o.s.b.c.e.t.TomcatEmbeddedServletContainer - Tomcat started on port(s): 8080 (http)
00:26:41.606 [main] INFO com.redhat.kafkademo.Application - Started Application in 5.273 seconds (JVM running for 5.687)
00:26:41.652 [Camel (MyCamel) thread #1 - KafkaConsumer[my-topic]] INFO o.a.kafka.common.network.Selector - [Consumer clientId=consumer-9133bb4c-afdd-4596-8560-f9feeba549d1-1, groupId=9133bb4c-afdd-4596-8560-f9feeba549d1] Failed authentication with localhost/127.0.0.1 (SSL handshake failed)
00:26:41.652 [kafka-producer-network-thread | producer-1] INFO o.a.kafka.common.network.Selector - [Producer clientId=producer-1] Failed authentication with localhost/127.0.0.1 (SSL handshake failed)
00:26:41.655 [kafka-producer-network-thread | producer-1] ERROR o.apache.kafka.clients.NetworkClient - [Producer clientId=producer-1] Connection to node -1 (localhost/127.0.0.1:443) failed authentication due to: SSL handshake failed
00:26:41.655 [Camel (MyCamel) thread #1 - KafkaConsumer[my-topic]] ERROR o.apache.kafka.clients.NetworkClient - [Consumer clientId=consumer-9133bb4c-afdd-4596-8560-f9feeba549d1-1, groupId=9133bb4c-afdd-4596-8560-f9feeba549d1] Connection to node -1 (localhost/127.0.0.1:443) failed authentication due to: SSL handshake failed
00:26:41.712 [Camel (MyCamel) thread #1 - KafkaConsumer[my-topic]] WARN o.a.c.component.kafka.KafkaConsumer - KafkaException consuming my-topic-Thread 0 from topic my-topic. Will attempt to re-connect on next run
00:26:41.716 [Camel (MyCamel) thread #1 - KafkaConsumer[my-topic]] INFO o.a.k.c.consumer.ConsumerConfig - ConsumerConfig values:
allow.auto.create.topics = true
auto.commit.interval.ms = 5000
auto.offset.reset = latest
bootstrap.servers = [:443]
check.crcs = true
client.dns.lookup = default
client.id =
client.rack =
connections.max.idle.ms = 540000
default.api.timeout.ms = 60000
enable.auto.commit = true
exclude.internal.topics = true
fetch.max.bytes = 52428800
fetch.max.wait.ms = 500
fetch.min.bytes = 1
group.id = 9133bb4c-afdd-4596-8560-f9feeba549d1
group.instance.id = null
heartbeat.interval.ms = 3000
interceptor.classes = []
internal.leave.group.on.close = true
isolation.level = read_uncommitted
key.deserializer = class org.apache.kafka.common.serialization.StringDeserializer
max.partition.fetch.bytes = 1048576
max.poll.interval.ms = 300000
max.poll.records = 500
metadata.max.age.ms = 300000
metric.reporters = []
metrics.num.samples = 2
metrics.recording.level = INFO
metrics.sample.window.ms = 30000
partition.assignment.strategy = [org.apache.kafka.clients.consumer.RangeAssignor]
receive.buffer.bytes = 65536
reconnect.backoff.max.ms = 1000
reconnect.backoff.ms = 50
request.timeout.ms = 40000
retry.backoff.ms = 100
sasl.client.callback.handler.class = null
sasl.jaas.config = null
sasl.kerberos.kinit.cmd = /usr/bin/kinit
sasl.kerberos.min.time.before.relogin = 60000
sasl.kerberos.service.name = null
sasl.kerberos.ticket.renew.jitter = 0.05
sasl.kerberos.ticket.renew.window.factor = 0.8
sasl.login.callback.handler.class = null
sasl.login.class = null
sasl.login.refresh.buffer.seconds = 300
sasl.login.refresh.min.period.seconds = 60
sasl.login.refresh.window.factor = 0.8
sasl.login.refresh.window.jitter = 0.05
sasl.mechanism = GSSAPI
security.protocol = SSL
security.providers = null
send.buffer.bytes = 131072
session.timeout.ms = 10000
ssl.cipher.suites = null
ssl.enabled.protocols = [TLSv1.2, TLSv1.1, TLSv1]
ssl.endpoint.identification.algorithm = https
ssl.key.password = null
ssl.keymanager.algorithm = SunX509
ssl.keystore.location = null
ssl.keystore.password = null
ssl.keystore.type = JKS
ssl.protocol = TLS
ssl.provider = null
ssl.secure.random.implementation = null
ssl.trustmanager.algorithm = PKIX
ssl.truststore.location = /Users/af71194/Documents/GitHub/amq-examples/camel-kafka-demo/src/main/resources/keystore.jks
ssl.truststore.password = [hidden]
ssl.truststore.type = JKS
value.deserializer = class org.apache.kafka.common.serialization.StringDeserializer

00:26:41.789 [kafka-producer-network-thread | producer-1] INFO o.a.kafka.common.network.Selector - [Producer clientId=producer-1] Failed authentication with localhost/127.0.0.1 (SSL handshake failed)
00:26:41.789 [kafka-producer-network-thread | producer-1] ERROR o.apache.kafka.clients.NetworkClient - [Producer clientId=producer-1] Connection to node -1 (localhost/127.0.0.1:443) failed authentication due to: SSL handshake failed
00:26:41.809 [Camel (MyCamel) thread #1 - KafkaConsumer[my-topic]] INFO o.a.kafka.common.utils.AppInfoParser - Kafka version: 2.4.0.redhat-00005
00:26:41.809 [Camel (MyCamel) thread #1 - KafkaConsumer[my-topic]] INFO o.a.kafka.common.utils.AppInfoParser - Kafka commitId: bc61f1c575849a1e
00:26:41.809 [Camel (MyCamel) thread #1 - KafkaConsumer[my-topic]] INFO o.a.kafka.common.utils.AppInfoParser - Kafka startTimeMs: 1607578001809
00:26:41.810 [Camel (MyCamel) thread #1 - KafkaConsumer[my-topic]] INFO o.a.c.component.kafka.KafkaConsumer - Reconnecting my-topic-Thread 0 to topic my-topic after 5000 ms
00:26:42.275 [kafka-producer-network-thread | producer-1] INFO o.a.kafka.common.network.Selector - [Producer clientId=producer-1] Failed authentication with localhost/127.0.0.1 (SSL handshake failed)
00:26:42.275 [kafka-producer-network-thread | producer-1] ERROR o.apache.kafka.clients.NetworkClient - [Producer clientId=producer-1] Connection to node -1 (localhost/127.0.0.1:443) failed authentication due to: SSL handshake failed
00:26:42.571 [Camel (MyCamel) thread #2 - timer://foo] ERROR o.a.c.processor.DefaultErrorHandler - Failed delivery for (MessageId: ID-LC02CHB58MD6R-US-AD-WELLPOINT-COM-1607577999654-0-2 on ExchangeId: ID-LC02CHB58MD6R-US-AD-WELLPOINT-COM-1607577999654-0-1). Exhausted after delivery attempt: 1 caught: org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed

Message History

RouteId ProcessorId Processor Elapsed (ms)
[producer-route ] [producer-route ] [timer://foo?period=1000 ] [ 8]
[producer-route ] [route-setBody ] [setBody[simple{Hello World from camel-context.xml with ID ${id}}] ] [ 3]
[producer-route ] [_kafka1 ] [kafka:my-topic?securityProtocol=SSL&sslTruststoreLocation=/Users/af71194/Docum] [ 3]

Stacktrace

org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:369)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:312)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:307)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:654)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1267)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1254)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:691)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1199)
at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:402)
at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:484)
at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:340)
at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:265)
at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:170)
at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:547)
at org.apache.kafka.common.network.Selector.poll(Selector.java:483)
at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:540)
at org.apache.kafka.clients.producer.internals.Sender.runOnce(Sender.java:335)
at org.apache.kafka.clients.producer.internals.Sender.run(Sender.java:244)
at java.base/java.lang.Thread.run(Thread.java:832)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
at java.base/sun.security.validator.Validator.validate(Validator.java:264)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:632)
... 19 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
... 24 common frames omitted
00:26:42.572 [Camel (MyCamel) thread #2 - timer://foo] WARN o.a.c.component.timer.TimerConsumer - Error processing exchange. Exchange[ID-LC02CHB58MD6R-US-AD-WELLPOINT-COM-1607577999654-0-1]. Caused by: [org.apache.kafka.common.errors.SslAuthenticationException - SSL handshake failed]
org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:369)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:312)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:307)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:654)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.onCertificate(CertificateMessage.java:473)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.consume(CertificateMessage.java:369)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1267)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1254)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:691)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1199)
at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:402)
at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:484)
at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:340)
at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:265)
at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:170)
at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:547)
at org.apache.kafka.common.network.Selector.poll(Selector.java:483)
at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:540)
at org.apache.kafka.clients.producer.internals.Sender.runOnce(Sender.java:335)
at org.apache.kafka.clients.producer.internals.Sender.run(Sender.java:244)
at java.base/java.lang.Thread.run(Thread.java:832)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
at java.base/sun.security.validator.Validator.validate(Validator.java:264)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144)
at java.base/sun.security.ssl.CertificateMessage$T12CertificateConsumer.checkServerCerts(CertificateMessage.java:632)
... 19 common frames omitted
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
... 24 common frames omitted
00:26:43.234 [kafka-producer-network-thread | producer-1] INFO o.a.kafka.common.network.Selector - [Producer clientId=producer-1] Failed authentication with localhost/127.0.0.1 (SSL handshake failed)
00:26:43.235 [kafka-producer-network-thread | producer-1] ERROR o.apache.kafka.clients.NetworkClient - [Producer clientId=producer-1] Connection to node -1 (localhost/127.0.0.1:443) failed authentication due to: SSL handshake failed
00:26:43.562 [Camel (MyCamel) thread #2 - timer://foo] ERROR o.a.c.processor.DefaultErrorHandler - Failed delivery for (MessageId: ID-LC02CHB58MD6R-US-AD-WELLPOINT-COM-1607577999654-0-4 on ExchangeId: ID-LC02CHB58MD6R-US-AD-WELLPOINT-COM-1607577999654-0-3). Exhausted after delivery attempt: 1 caught: org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed

Answer 11 · 2020-12-10T06:10:22.000Z

Hello World from camel-context.xml with ID ${id}

Answer 12 · 2020-12-10T23:09:49.000Z

@ckvtvm-arch from the last stacktrace it looks like the route is not being correctly configured in the client producer and consumer:

bootstrap.servers = [:443]

Here you should be having your OpenShift route for the kafka bootstrap server. In the other stacktrace it looks like you were able to connect but the topic didn't exist. Where you connected to a different cluster? The example should create the topic before you run the app.

Can you try to check that the hostname is correct?

Answer 13 · 2020-12-13T00:16:21.000Z

thank you, i will check and get back to you