0

While I am trying to connect to kafka from other server using kafka-python. I am getting SSL certficate error.

ssl_certfile='~/cacerts.pem',ssl_password='~~~~',sasl_mechanism='GSSAPI',sasl_kerberos_service_name='ssskafka' ) Traceback (most recent call last): self._sslobj.do_handshake() File "/opt/middleware/anaconda_python/3.5.4/lib/python3.5/ssl.py", line 641, in do_handshake self._sslobj.do_handshake() ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:719)

Can someone help to fix the issue?

import ssl
import gssapi
from kafka import KafkaProducer, KafkaConsumer

consumer = KafkaConsumer(
    bootstrap_servers='AAA:9094,BBBB:9094,CCC:9094',
    security_protocol="SASL_SSL",
    ssl_certfile='~/cacerts.pem',
    ssl_password='~~~~',
    sasl_mechanism='GSSAPI',
    sasl_kerberos_service_name='ssskafka'
)
Tim
  • 2,510
  • 1
  • 22
  • 26
sbtota
  • 3
  • 2
  • 1
    How did you generate the SSL certificates? – Tim Aug 07 '19 at 01:20
  • SSL certificates generated using the keytool and openssl , the cacert file is working as of to connect across bridges and also java code. I am looking write python using SASL_SSL. – sbtota Aug 07 '19 at 13:40
  • So the cacert file also contains your CA certificate? One option (note this is not secure but can be used to eliminate other issues). Create an instance of `ssl.SSLContext()` and provide that as `ssl_context` in place of the `ssl_*` arguments. This will attempt a SSL connection with no verification. – Tim Aug 07 '19 at 14:03
  • Thanks Tim. However It has to be SASL_SSL secure connection only. and yes it contians MSPKI CA certifcates – sbtota Aug 07 '19 at 15:26

0 Answers0