0

I created a Kafka cluster at https://confluent.cloud/. I am trying to write a simple producer, with kafka-python.

Here is my producer code:

from kafka import KafkaProducer
producer = KafkaProducer(
    bootstrap_servers='pkc-419q3.us-east4.gcp.confluent.cloud:9092',
    security_protocol='SASL_SSL',
    sasl_mechanism='PLAIN',
    sasl_plain_username='CKQB...',
    sasl_plain_password='7XKX...'
)
producer.send('my_topic', b'some_message_bytes')
producer.flush()

Running the above results in this error:

ssl.SSLCertVerificationError:
[SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed:
certificate has expired (_ssl.c:1123)

I see that the KafkaProducer has options for ssl_cafile, ssl_certfile, etc. But I don't know which to use or where to get these files.

What do I need to do to diagnose or correct this on a Windows 10 machine?

Wallace Kelly
  • 15,565
  • 8
  • 50
  • 71
  • 1
    I switched my code from using [kafka-python](https://pypi.org/project/kafka-python/) to using [confluent-kafka](https://pypi.org/project/confluent-kafka/). The Confluent-provided Python package runs without error. It would be nice to know if the kafka-python package could be made to work. – Wallace Kelly Mar 26 '22 at 02:39

1 Answers1

0

Error is saying certificate expired but Bootstrap server you have selected has a valid certificate:

9092/tcp open  XmlIpcRegSvc
| ssl-cert: Subject: commonName=*.us-east4.gcp.confluent.cloud
| Subject Alternative Name: DNS:*.us-east4.gcp.confluent.cloud, DNS:*.us-east4.gcp.glb.confluent.cloud
| Issuer: commonName=R3/organizationName=Let's Encrypt/countryName=US
| Public Key type: rsa
| Public Key bits: 2048
| Signature Algorithm: sha256WithRSAEncryption
| Not valid before: 2022-02-20T19:24:47
| Not valid after:  2022-05-21T19:24:46
| MD5:   886e c415 ba01 bba3 c043 f55b 4b24 87bf
|_SHA-1: 3c00 bedf ae03 5656 acc6 71cf a3b5 7e6b b6a2 d832

Are you connecting behind any proxy servers? One of those servers TLS certificates may be expired.

Nick Lauder
  • 371
  • 2
  • 5