'kafka-avro-console-consumer: Specify truststore location for schema-registry
I am using confluent kafka-avro-console-consumer like following
/kafka-avro-console-consumer --bootstrap-server <brokers> --topic Topic-out --property schema.registry.url=https://schemaregistry:443/ --consumer.config client-sasl-ssl.properties --from-beginning
It fails to connect to schema registry with the following error,
org.apache.kafka.common.errors.SerializationException: Error deserializing Avro message for id 45
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192)
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1946)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:316)
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:310)
which means that i need to specify truststore location in java path like ( i have done it for custom java code and it worked)
Djavax.net.ssl.trustStore=truststore.jks -Djavax.net.ssl.trustStoreType=jks --Djavax.net.ssl.trustStorePassword=pass
The question is where do i specify above parameters while running kafka-avro-console-consumer command.
Solution 1:[1]
Adding the following to client-sasl-ssl.properties should fix the problem:
schema.registry.ssl.truststore.location=TRUSTSTORE_LOCATION
schema.registry.ssl.truststore.password=TRUSTSTORE_PASSWORD
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | FLG |