Hi, I'm wondering if someone can help as I'm completely hopeless at this point. I need to connect to a broker and the connection is being made using TLS. I'm using confluent kafka python and took the configuration code from the librdkafka documentation.
I first created the .csr file to provide this to the broker's team. When I created this the following was created: privkey.pem, test02.key, test02.csr and from here I gave them the test02.csr.
The broker's team signed the certificate and sent back 2 files: test_user.pem and ca.pem
So conf is configured as follows:
from confluent_kafka import Consumer, KafkaError

bootstrap_servers = 'xxx:9093'
ssl_cert_path = 'test_user.pem'
ssl_key_path = 'test02.key'
ssl_ca_path = 'ca.pem'
group_id = 'group_test'
topic = 'test123'

# Kafka consumer configuration
conf = {
    'bootstrap.servers': bootstrap_servers,
    'security.protocol': 'ssl',
    'ssl.key.location': ssl_key_path,
    'ssl.certificate.location': ssl_cert_path,
    'ssl.ca.location': ssl_ca_path,
    'group.id': group_id,
    'auto.offset.reset': 'earliest'  # Adjust as needed
}
I'm still getting a handshake error after this. So I went back and they said I need to add the root CA into the trust store. So I ran the following commands:
openssl pkcs12 -export -in test_user.pem -inkey test02.key -certfile test02.pem -out testfile.p12
keytool -importkeystore -srckeystore testfile.p12 -srcstoretype pkcs12 -destkeystore testfile-keystore.jks -deststoretype JKS
Truststore command:
keytool -import -file ./ca.pem -alias kafkatest -keystore ./testfile-keystore.jks -deststorepass password
After doing this I got a message saying certificate added to keystore. I left the Python configuration as it is but I'm still getting the following handshake error:
%3|1705054307.018|FAIL|rdkafka#consumer-1| [thrd:ssl://xxx:9193/bootstrap]: ssl://xxx/bootstrap: SSL handshake failed: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed: broker certificate could not be verified, verify that ssl.ca.location is correctly configured or root CA certificates are installed (install ca-certificates package) (after 56ms in state SSL_HANDSHAKE)
Any help really appreciated, as I'm not sure what to do next...
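Added example (not part of the original post): the consumer configuration above reads only the files named in `ssl.ca.location`, `ssl.certificate.location` and `ssl.key.location`, so two checks can be run offline with openssl: does a CA file verify a given certificate, and does a private key pair with a certificate. The function names and the throwaway PKI (`right_ca`, `wrong_ca`, `broker.example`) are constructed for the demo; the same functions apply to a saved copy of the broker's certificate and to your own PEM files.

```shell
#!/bin/sh
# Added example: offline checks on the PEM files that the ssl.* settings point at.
# Every file name and subject used by the demo below is constructed.

# True if CA bundle $1 (ssl.ca.location) can verify certificate $2.
# Matches on "OK" rather than the exit status, which old OpenSSL releases left at 0.
ca_verifies_cert() {
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# True if private key $1 (ssl.key.location) pairs with certificate $2
# (ssl.certificate.location): both must yield the same public key.
key_matches_cert() {
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# Build a throwaway PKI in directory $1: two unrelated CAs and a broker
# certificate signed by right_ca only.
make_demo_pki() {
    d=$1
    printf '[req]\ndistinguished_name=dn\nx509_extensions=v3\n[dn]\nCN=unused\n[v3]\nbasicConstraints=critical,CA:TRUE\n' > "$d/req.cnf"
    for ca in right_ca wrong_ca; do
        openssl req -x509 -config "$d/req.cnf" -newkey rsa:2048 -nodes -days 2 \
            -subj "/CN=$ca" -keyout "$d/$ca.key" -out "$d/$ca.pem" 2>/dev/null
    done
    openssl req -config "$d/req.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=broker.example" -keyout "$d/broker.key" -out "$d/broker.csr" 2>/dev/null
    openssl x509 -req -in "$d/broker.csr" -CA "$d/right_ca.pem" -CAkey "$d/right_ca.key" \
        -CAcreateserial -days 2 -out "$d/broker.pem" 2>/dev/null
}

# Demo run on the constructed PKI.
demo=$(mktemp -d)
make_demo_pki "$demo"
ca_verifies_cert "$demo/right_ca.pem" "$demo/broker.pem" && echo "issuing CA: verifies"
ca_verifies_cert "$demo/wrong_ca.pem" "$demo/broker.pem" || echo "other CA: certificate verify failed"
key_matches_cert "$demo/broker.key" "$demo/broker.pem" && echo "key matches certificate"
rm -rf "$demo"
```

A CA file that does not verify the certificate the broker presents produces the "certificate verify failed" handshake error shown above.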