文章/答案/技术大牛

发布

社区首页 >问答首页 >当EnableSslCertificateVerification设置为true (合流卡夫卡)-证书验证失败

问当EnableSslCertificateVerification设置为true (合流卡夫卡)-证书验证失败
EN

Stack Overflow用户

提问于 2020-08-07 22:41:23

回答 1查看 3K关注 0票数 0

我正在Windows上运行我的客户端，并且能够验证CA权限是否存在，并且在受信任的根证书颁发机构中有效。

"Dev-on-Windows": {
      "commandName": "Project",
      "environmentVariables": {
        "Kafka__BootstrapServers": "myloadbalancer.myhost.corp:9094",
        "Kafka__EnableSslCertificateVerification": "true",
        "Kafka__SchemaRegistryUrl": "myschemareg.myhost.corp:8081,myschemreg2.myhost.corp:8081",
        "Kafka__SecurityProtocol": "SaslSsl",
        "Kafka__SaslMechanism": "Gssapi",       
        "Kafka__ClientId": "DotNetCoreReferenceApplication",
        "Kafka__ErrorTolerance": "Moderate",
        "Kafka__Debug" : "all",
        "ASPNETCORE_ENVIRONMENT": "Development"
      },
      "applicationUrl": "https://localhost:5001;http://localhost:5000"
    },

当我禁用SSL验证时，发布和使用消息非常有效。但是，当启用时，我会得到错误

SSL handshake failed: .\ssl\s3_clnt.c:1269: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed:  (after 73ms in state CONNECT)

我试过的是：

我怀疑用户帐户可能无法访问CA存储，所以我使用我的个人帐户(相对于服务主体)运行了应用程序，并遇到了同样的问题。

我还试图导出该证书，并将其放在运行.NET核心应用程序的目录中，但它也失败了。我试图使用SslCaLocation指向目录，但是它没有工作。

更新这里是调试日志

[18:12:40 Debug][1]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:app]: Selected provider Win32 SSPI for SASL mechanism GSSAPI

[18:12:40 Debug][1]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:app]: librdkafka built with OpenSSL version 0x1000212f

[18:12:40 Debug][1]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:app]: 72/73 certificate(s) successfully added from Windows Certificate Root store

[18:12:44 Debug][1]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:app]: Group "BL-9HQ76S2.consumerGroup1": updating member id "(not-set)" -> ""

[18:12:44 Debug][1]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:app]: GroupCoordinator: Enabled low-latency ops queue wake-ups

[18:12:44 Debug][1]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:app]: GroupCoordinator: Added new broker with NodeId -1

[18:12:44 Debug][8]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:GroupCoordinator]: GroupCoordinator: Enter main broker thread

[18:12:44 Debug][9]  MyService.Messaging.Kafka.EventBusConsumer
[thrd::0/internal]: :0/internal: Enter main broker thread

[18:12:44 Debug][1]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:app]: sasl_ssl://brokern20p.domain.MyService.corp:9094/bootstrap: Enabled low-latency ops queue wake-ups

[18:12:44 Debug][1]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:app]: sasl_ssl://brokern20p.domain.MyService.corp:9094/bootstrap: Added new broker with NodeId -1

[18:12:44 Debug][10]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern20p.domain.MyService.corp:9094/bootstrap]: sasl_ssl://brokern20p.domain.MyService.corp:9094/bootstrap: Enter main broker thread

[18:12:44 Debug][1]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:app]: sasl_ssl://brokern21p.domain.MyService.corp:9094/bootstrap: Enabled low-latency ops queue wake-ups

[18:12:44 Debug][1]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:app]: sasl_ssl://brokern21p.domain.MyService.corp:9094/bootstrap: Added new broker with NodeId -1

[18:12:44 Debug][11]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern21p.domain.MyService.corp:9094/bootstrap]: sasl_ssl://brokern21p.domain.MyService.corp:9094/bootstrap: Enter main broker thread

[18:12:44 Debug][1]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:app]: sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap: Enabled low-latency ops queue wake-ups

[18:12:44 Debug][1]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:app]: sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap: Added new broker with NodeId -1

[18:12:44 Debug][1]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:app]: librdkafka v1.4.2 (0x10402ff) DotNetCoreReferenceApplication-BL-9HQ76S2#consumer-1 initialized (builtin.features gzip,snappy,ssl,sasl,regex,lz4,sasl_gssapi,sasl_plain,sasl_scram,plugins,zstd,sasl_oauthbearer, SSL ZLIB SNAPPY SASL_SCRAM PLUGINS HDRHISTOGRAM, debug 0xfffff)

[18:12:44 Debug][12]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap]: sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap: Enter main broker thread

[18:12:44 Debug][13]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:main]: Group "BL-9HQ76S2.consumerGroup1" received op SUBSCRIBE (v0) in state init (join state init, v1 vs 0)

[18:12:44 Debug][13]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:main]: Group "BL-9HQ76S2.consumerGroup1": subscribe to new subscription of 1 topics (join state init)

[18:12:44 Debug][13]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:main]: Group "BL-9HQ76S2.consumerGroup1": unsubscribe from current unset subscription of 0 topics (leave group=no, join state init, v1)

[18:12:44 Debug][13]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:main]: Group "BL-9HQ76S2.consumerGroup1": resetting group leader info: unsubscribe

[18:12:44 Debug][13]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:main]: Group "BL-9HQ76S2.consumerGroup1" is rebalancing in state init (join-state init) without assignment: unsubscribe

[18:12:44 Debug][13]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:main]: Group "BL-9HQ76S2.consumerGroup1" changed join state init -> wait-unassign (v1, state init)

[18:12:44 Debug][13]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:main]: Group "BL-9HQ76S2.consumerGroup1": unassign done in state init (join state wait-unassign): without new assignment: unassign (no previous assignment)

[18:12:44 Debug][13]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:main]: Group "BL-9HQ76S2.consumerGroup1" changed join state wait-unassign -> init (v1, state init)

[18:12:44 Debug][13]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:main]: Group "BL-9HQ76S2.consumerGroup1" changed state init -> query-coord (v1, join-state init)

[18:12:44 Debug][13]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:main]: Broadcasting state change

[18:12:44 Debug][13]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:main]: sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap: Selected for cluster connection: coordinator query (broker has 0 connection attempt(s))

[18:12:44 Debug][13]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:main]: Group "BL-9HQ76S2.consumerGroup1": no broker available for coordinator query: intervaled in state query-coord

[18:12:44 Debug][12]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap]: sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap: Received CONNECT op

[18:12:44 Debug][13]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:main]: Group "BL-9HQ76S2.consumerGroup1" received op GET_SUBSCRIPTION (v0) in state query-coord (join state init, v1 vs 0)

[18:12:44 Debug][12]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap]: sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap: Broker changed state INIT -> TRY_CONNECT

[18:12:44 Debug][12]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap]: Broadcasting state change

[18:12:44 Debug][1]  MyService.Messaging.Kafka.EventBusConsumer
Confluent.Kafka.Consumer`2[System.String,System.String] subscribed to: [SchemaLess_v1]

[18:12:44 Debug][12]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap]: sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap: broker in state TRY_CONNECT connecting

[18:12:44 Debug][12]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap]: sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap: Broker changed state TRY_CONNECT -> CONNECT

[18:12:44 Debug][12]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap]: Broadcasting state change

[18:12:44 Debug][1]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:app]: Selected provider Win32 SSPI for SASL mechanism GSSAPI

[18:12:44 Debug][1]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:app]: librdkafka built with OpenSSL version 0x1000212f

[18:12:44 Debug][1]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:app]: 72/73 certificate(s) successfully added from Windows Certificate Root store

[18:12:44 Debug][12]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap]: sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap: Connecting to ipv4#10.3.232.208:9094 (sasl_ssl) with socket 2448

[18:12:44 Debug][1]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:app]: Group "BL-9HQ76S2.cheetahConsumerGroup1": updating member id "(not-set)" -> ""

[18:12:44 Debug][1]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:app]: GroupCoordinator: Enabled low-latency ops queue wake-ups

[18:12:44 Debug][1]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:app]: GroupCoordinator: Added new broker with NodeId -1

[18:12:44 Debug][14]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:GroupCoordinator]: GroupCoordinator: Enter main broker thread

[18:12:44 Debug][15]  MyService.Messaging.Kafka.EventBusConsumer
[thrd::0/internal]: :0/internal: Enter main broker thread

[18:12:44 Debug][1]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:app]: sasl_ssl://brokern20p.domain.MyService.corp:9094/bootstrap: Enabled low-latency ops queue wake-ups

[18:12:44 Debug][1]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:app]: sasl_ssl://brokern20p.domain.MyService.corp:9094/bootstrap: Added new broker with NodeId -1

[18:12:44 Debug][16]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern20p.domain.MyService.corp:9094/bootstrap]: sasl_ssl://brokern20p.domain.MyService.corp:9094/bootstrap: Enter main broker thread

[18:12:44 Debug][1]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:app]: sasl_ssl://brokern21p.domain.MyService.corp:9094/bootstrap: Enabled low-latency ops queue wake-ups

[18:12:44 Debug][12]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap]: sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap: Connected to ipv4#10.3.232.208:9094

[18:12:44 Debug][1]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:app]: sasl_ssl://brokern21p.domain.MyService.corp:9094/bootstrap: Added new broker with NodeId -1

[18:12:44 Debug][17]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern21p.domain.MyService.corp:9094/bootstrap]: sasl_ssl://brokern21p.domain.MyService.corp:9094/bootstrap: Enter main broker thread

[18:12:44 Debug][1]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:app]: sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap: Enabled low-latency ops queue wake-ups

[18:12:44 Debug][1]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:app]: sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap: Added new broker with NodeId -1

[18:12:44 Debug][1]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:app]: librdkafka v1.4.2 (0x10402ff) DotNetCoreReferenceApplication-BL-9HQ76S2#consumer-2 initialized (builtin.features gzip,snappy,ssl,sasl,regex,lz4,sasl_gssapi,sasl_plain,sasl_scram,plugins,zstd,sasl_oauthbearer, SSL ZLIB SNAPPY SASL_SCRAM PLUGINS HDRHISTOGRAM, debug 0xfffff)

[18:12:44 Debug][18]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap]: sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap: Enter main broker thread

[18:12:44 Debug][19]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:main]: Group "BL-9HQ76S2.cheetahConsumerGroup1" received op SUBSCRIBE (v0) in state init (join state init, v1 vs 0)

[18:12:44 Debug][19]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:main]: Group "BL-9HQ76S2.cheetahConsumerGroup1": subscribe to new subscription of 1 topics (join state init)

[18:12:44 Debug][19]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:main]: Group "BL-9HQ76S2.cheetahConsumerGroup1": unsubscribe from current unset subscription of 0 topics (leave group=no, join state init, v1)

[18:12:44 Debug][19]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:main]: Group "BL-9HQ76S2.cheetahConsumerGroup1": resetting group leader info: unsubscribe

[18:12:44 Debug][19]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:main]: Group "BL-9HQ76S2.cheetahConsumerGroup1" is rebalancing in state init (join-state init) without assignment: unsubscribe

[18:12:44 Debug][12]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap]: sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap: failed: err: Local: SSL error: (errno: No error)

[18:12:44 Debug][19]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:main]: Group "BL-9HQ76S2.cheetahConsumerGroup1" changed join state init -> wait-unassign (v1, state init)

[18:12:44 Debug][12]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap]: sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap: Broker changed state CONNECT -> DOWN

[18:12:44 Debug][19]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:main]: Group "BL-9HQ76S2.cheetahConsumerGroup1": unassign done in state init (join state wait-unassign): without new assignment: unassign (no previous assignment)

[18:12:44 Debug][12]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap]: Broadcasting state change

[18:12:44 Debug][19]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:main]: Group "BL-9HQ76S2.cheetahConsumerGroup1" changed join state wait-unassign -> init (v1, state init)

[18:12:44 Debug][12]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap]: sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap: Purging bufq with 0 buffers

[18:12:44 Debug][19]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:main]: Group "BL-9HQ76S2.cheetahConsumerGroup1" changed state init -> query-coord (v1, join-state init)

[18:12:44 Debug][12]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap]: sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap: Purging bufq with 0 buffers

[18:12:44 Debug][19]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:main]: Broadcasting state change

[18:12:44 Debug][12]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap]: sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap: Updating 0 buffers on connection reset

[18:12:44 Debug][19]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:main]: sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap: Selected for cluster connection: coordinator query (broker has 0 connection attempt(s))

[18:12:44 Debug][12]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap]: sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap: Broker changed state DOWN -> INIT

[18:12:44 Debug][19]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:main]: Group "BL-9HQ76S2.cheetahConsumerGroup1": no broker available for coordinator query: intervaled in state query-coord

[18:12:44 Debug][18]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap]: sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap: Received CONNECT op

[18:12:44 Debug][12]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap]: Broadcasting state change

[18:12:44 Debug][19]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:main]: Group "BL-9HQ76S2.cheetahConsumerGroup1" received op GET_SUBSCRIPTION (v0) in state query-coord (join state init, v1 vs 0)

[18:12:44 Debug][18]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap]: sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap: Broker changed state INIT -> TRY_CONNECT

[18:12:44 Debug][1]  MyService.Messaging.Kafka.EventBusConsumer
Confluent.Kafka.Consumer`2[System.String,MyService.sample_app.Sample] subscribed to: [bl-cheetah]

[18:12:44 Debug][18]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap]: Broadcasting state change

[18:12:44 Debug][1]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:app]: Selected provider Win32 SSPI for SASL mechanism GSSAPI

[18:12:44 Debug][18]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap]: sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap: broker in state TRY_CONNECT connecting

[18:12:44 Debug][1]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:app]: librdkafka built with OpenSSL version 0x1000212f

[18:12:44 Debug][18]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap]: sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap: Broker changed state TRY_CONNECT -> CONNECT

[18:12:44 Debug][18]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap]: Broadcasting state change

[18:12:44 Debug][18]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap]: sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap: Connecting to ipv4#10.3.232.208:9094 (sasl_ssl) with socket 2740

[18:12:44 Debug][1]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:app]: 72/73 certificate(s) successfully added from Windows Certificate Root store

[18:12:44 Debug][1]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:app]: Group "BL-9HQ76S2.pumaConsumerGroup1": updating member id "(not-set)" -> ""

[18:12:44 Debug][1]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:app]: GroupCoordinator: Enabled low-latency ops queue wake-ups

[18:12:44 Debug][1]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:app]: GroupCoordinator: Added new broker with NodeId -1

[18:12:44 Debug][20]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:GroupCoordinator]: GroupCoordinator: Enter main broker thread

[18:12:44 Debug][21]  MyService.Messaging.Kafka.EventBusConsumer
[thrd::0/internal]: :0/internal: Enter main broker thread

[18:12:44 Debug][1]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:app]: sasl_ssl://brokern20p.domain.MyService.corp:9094/bootstrap: Enabled low-latency ops queue wake-ups

[18:12:44 Debug][1]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:app]: sasl_ssl://brokern20p.domain.MyService.corp:9094/bootstrap: Added new broker with NodeId -1

[18:12:44 Debug][22]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern20p.domain.MyService.corp:9094/bootstrap]: sasl_ssl://brokern20p.domain.MyService.corp:9094/bootstrap: Enter main broker thread

[18:12:44 Debug][1]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:app]: sasl_ssl://brokern21p.domain.MyService.corp:9094/bootstrap: Enabled low-latency ops queue wake-ups

[18:12:44 Debug][1]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:app]: sasl_ssl://brokern21p.domain.MyService.corp:9094/bootstrap: Added new broker with NodeId -1

[18:12:44 Debug][23]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern21p.domain.MyService.corp:9094/bootstrap]: sasl_ssl://brokern21p.domain.MyService.corp:9094/bootstrap: Enter main broker thread

[18:12:44 Debug][1]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:app]: sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap: Enabled low-latency ops queue wake-ups

[18:12:44 Debug][1]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:app]: sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap: Added new broker with NodeId -1

[18:12:44 Debug][1]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:app]: librdkafka v1.4.2 (0x10402ff) DotNetCoreReferenceApplication-BL-9HQ76S2#consumer-3 initialized (builtin.features gzip,snappy,ssl,sasl,regex,lz4,sasl_gssapi,sasl_plain,sasl_scram,plugins,zstd,sasl_oauthbearer, SSL ZLIB SNAPPY SASL_SCRAM PLUGINS HDRHISTOGRAM, debug 0xfffff)

[18:12:44 Debug][24]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap]: sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap: Enter main broker thread

[18:12:44 Debug][25]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:main]: Group "BL-9HQ76S2.pumaConsumerGroup1" received op SUBSCRIBE (v0) in state init (join state init, v1 vs 0)

[18:12:44 Debug][18]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap]: sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap: Connected to ipv4#10.3.232.208:9094

[18:12:44 Debug][25]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:main]: Group "BL-9HQ76S2.pumaConsumerGroup1": subscribe to new subscription of 1 topics (join state init)

[18:12:44 Debug][25]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:main]: Group "BL-9HQ76S2.pumaConsumerGroup1": unsubscribe from current unset subscription of 0 topics (leave group=no, join state init, v1)

[18:12:44 Debug][25]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:main]: Group "BL-9HQ76S2.pumaConsumerGroup1": resetting group leader info: unsubscribe

[18:12:44 Debug][25]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:main]: Group "BL-9HQ76S2.pumaConsumerGroup1" is rebalancing in state init (join-state init) without assignment: unsubscribe

[18:12:44 Debug][25]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:main]: Group "BL-9HQ76S2.pumaConsumerGroup1" changed join state init -> wait-unassign (v1, state init)

[18:12:44 Debug][25]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:main]: Group "BL-9HQ76S2.pumaConsumerGroup1": unassign done in state init (join state wait-unassign): without new assignment: unassign (no previous assignment)

[18:12:44 Debug][25]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:main]: Group "BL-9HQ76S2.pumaConsumerGroup1" changed join state wait-unassign -> init (v1, state init)

[18:12:44 Debug][25]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:main]: Group "BL-9HQ76S2.pumaConsumerGroup1" changed state init -> query-coord (v1, join-state init)

[18:12:44 Debug][25]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:main]: Broadcasting state change

[18:12:44 Debug][25]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:main]: sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap: Selected for cluster connection: coordinator query (broker has 0 connection attempt(s))

[18:12:44 Debug][18]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap]: sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap: failed: err: Local: SSL error: (errno: No error)

[18:12:44 Debug][25]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:main]: Group "BL-9HQ76S2.pumaConsumerGroup1": no broker available for coordinator query: intervaled in state query-coord

[18:12:44 Debug][24]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap]: sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap: Received CONNECT op

[18:12:44 Debug][18]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap]: sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap: Broker changed state CONNECT -> DOWN

[18:12:44 Debug][25]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:main]: Group "BL-9HQ76S2.pumaConsumerGroup1" received op GET_SUBSCRIPTION (v0) in state query-coord (join state init, v1 vs 0)

[18:12:44 Debug][24]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap]: sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap: Broker changed state INIT -> TRY_CONNECT

[18:12:44 Debug][18]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap]: Broadcasting state change

[18:12:44 Debug][1]  MyService.Messaging.Kafka.EventBusConsumer
Confluent.Kafka.Consumer`2[System.String,MyService.sample_app.Sample] subscribed to: [bl-puma]

[18:12:44 Debug][24]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap]: Broadcasting state change

[18:12:44 Debug][18]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap]: sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap: Purging bufq with 0 buffers

[18:12:44 Debug][24]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap]: sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap: broker in state TRY_CONNECT connecting

[18:12:44 Debug][18]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap]: sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap: Purging bufq with 0 buffers

[18:12:44 Debug][24]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap]: sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap: Broker changed state TRY_CONNECT -> CONNECT

[18:12:44 Debug][18]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap]: sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap: Updating 0 buffers on connection reset

[18:12:44 Debug][24]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap]: Broadcasting state change

[18:12:44 Debug][18]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap]: sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap: Broker changed state DOWN -> INIT

[18:12:44 Debug][24]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap]: sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap: Connecting to ipv4#10.3.232.208:9094 (sasl_ssl) with socket 3024

[18:12:44 Debug][18]  MyService.Messaging.Kafka.EventBusConsumer
[thrd:sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap]: Broadcasting state change

[18:12:44 Error][7]  MyService.Messaging.Kafka.EventBusConsumer
errorCode: Local_Ssl, reason: sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap: SSL handshake failed: .\ssl\s3_clnt.c:1269: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed:  (after 84ms in state CONNECT)

[18:12:44 Error][4]  MyService.Messaging.Kafka.EventBusConsumer
errorCode: Local_Ssl, reason: sasl_ssl://brokern22p.domain.MyService.corp:9094/bootstrap: SSL handshake failed: .\ssl\s3_clnt.c:1269: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed:  (after 76ms in state CONNECT)

.net-core

apache-kafka

confluent-kafka-dotnet

windows

回答 1

Stack Overflow用户

发布于 2020-08-10 22:15:05

我通过在我的应用程序根目录下添加cacert.pem文件解决了这个问题，并在SslCaLocation配置中指定了文件名。

"Dev-on-Windows": {
      "commandName": "Project",
      "environmentVariables": {
        "Kafka__BootstrapServers": "myloadbalancer.myhost.corp:9094",
        "Kafka__EnableSslCertificateVerification": "true",
        "Kafka__SchemaRegistryUrl": "myschemareg.myhost.corp:8081,myschemreg2.myhost.corp:8081",
        "Kafka__SecurityProtocol": "SaslSsl",
        "Kafka__SslCaLocation": "cacert.pem",
        "Kafka__SaslMechanism": "Gssapi",       
        "Kafka__ClientId": "DotNetCoreReferenceApplication",
        "Kafka__ErrorTolerance": "Moderate",
        "Kafka__Debug" : "all",
        "ASPNETCORE_ENVIRONMENT": "Development"
      },
      "applicationUrl": "https://localhost:5001;http://localhost:5000"
    },

cacert.pem包含证书的PKs的级联。我是手工复制的。

这就是说，我不知道为什么汇合的客户端不能访问Windows证书根存储。我请了一个separate question来解决这个问题。

票数 1

页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持

原文链接：

https://stackoverflow.com/questions/63310003

复制

相似问题

问当EnableSslCertificateVerification设置为true (合流卡夫卡)-证书验证失败
EN

回答 1

Stack Overflow用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问当EnableSslCertificateVerification设置为true (合流卡夫卡)-证书验证失败EN

回答 1

Stack Overflow用户

社区

活动

圈层

关于

腾讯云开发者

热门产品

热门推荐

更多推荐

问当EnableSslCertificateVerification设置为true (合流卡夫卡)-证书验证失败
EN