Kafkajs EVP_DecryptFinal_ex:bad decrypt

Question

I have Kafka producer application which is trying to publish the records to the secured Kafka cluster running on port 9093. The security protocol in use is SSL. I referred this document to do the configurations-> https://kafka.js.org/docs/configuration#ssl

This is how I am creating Kafka object:

this.kafkaConfig = {
            clientId: process.env.KAFKA_CLIENT_ID,
            kafka_topic: process.env.KAFKA_TOPIC,
            brokers: process.env.KAFKA_BROKERS.split(','),
            ssl: {
                rejectUnauthorized: false,
                ca: [fs.readFileSync('/path/to/ca.pem', 'utf-8')],
                key: fs.readFileSync('/path/to/extracted-key.pem', 'utf-8'),
                cert: fs.readFileSync('/path/to/extracted-certs.pem', 'utf-8'),
            },
            retry: {
               retries: 5,
            },
        };

this.kafkaProducer = new KafkaProducer(this.kafkaConfig);

With same cert, key files; confluent-kafka Python consumer is able to connect. But the above code throws an error->

{"level":"ERROR","timestamp":"2022-07-11T03:57:23.286Z","logger":"kafkajs","message":"[BrokerPool] Failed to connect to seed broker, trying another broker from the list: Failed to connect: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt","retryCount":0,"retryTime":308}
{"level":"ERROR","timestamp":"2022-07-11T03:57:23.602Z","logger":"kafkajs","message":"[BrokerPool] Failed to connect to seed broker, trying another broker from the list: Failed to connect: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt","retryCount":1,"retryTime":592}
{"level":"ERROR","timestamp":"2022-07-11T03:57:24.200Z","logger":"kafkajs","message":"[BrokerPool] Failed to connect to seed broker, trying another broker from the list: Failed to connect: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt","retryCount":2,"retryTime":1338}
{"level":"ERROR","timestamp":"2022-07-11T03:57:25.544Z","logger":"kafkajs","message":"[BrokerPool] Failed to connect to seed broker, trying another broker from the list: Failed to connect: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt","retryCount":3,"retryTime":2538}
{"level":"ERROR","timestamp":"2022-07-11T03:57:28.088Z","logger":"kafkajs","message":"[BrokerPool] Failed to connect to seed broker, trying another broker from the list: Failed to connect: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt","retryCount":4,"retryTime":5202}
{"level":"ERROR","timestamp":"2022-07-11T03:57:33.297Z","logger":"kafkajs","message":"[BrokerPool] Failed to connect to seed broker, trying another broker from the list: Failed to connect: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt","retryCount":5,"retryTime":11196}
2022-07-11T03:57:33.300Z | error | local | [etl-batch] Exception occurred in the processing KafkaJSNumberOfRetriesExceeded: Failed to connect: error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt

Is there anything missing in my code? Kindly guide me. TIA.

Please show how you set `process.env.KAFKA_BROKERS`. Do you get the same error without env vars? — OneCricketeer, Jul 11 '22 at 12:11
Yeah, I copied the value from env vars and put it in the above code. Faced the same error. That env var holds the value like this- `'kafka-broker-1:9093','kafka-broker-2:9093'` — Swapnil, Jul 11 '22 at 12:38
You should remove the quotes. But are those addresses resolvable? — OneCricketeer, Jul 11 '22 at 12:43
Yes, I tried without quotes. I added those quotes later hoping that might be the issue. No change in the error. Yes, those addresses are resolvable because the consumer code in Python(confluent-kafka) is able to connect to all the brokers. — Swapnil, Jul 11 '22 at 12:49

Kafkajs EVP_DecryptFinal_ex:bad decrypt

0 Answers0