OneClick Fails to Connect With Kafka - SSL handshake failed - unable to find valid certification path to requested target

Article ID: 405900

Products

Network Observability

Issue/Introduction

 
We are seeing ‘SSL Handshake Failed’ errors when OneClick tries to connect to the Kafka bootstrap servers.

2025-07-29 16:13:42,976 [kafka-admin-client-thread | adminclient-1] ERROR org.apache.kafka.clients.NetworkClient - [AdminClient clientId=adminclient-1] Connection to node -1 (<kafkaServerA>/##.##.##.##:9092) failed authentication due to: SSL handshake failed

2025-07-29 16:13:42,977 [kafka-admin-client-thread | adminclient-1] WARN  org.apache.kafka.clients.admin.internals.AdminMetadataManager - [AdminClient clientId=adminclient-1] Metadata update failed due to authentication error
org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed
Caused by: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

Cause


The specified keystore contained neither the Certificate Authority (CA) root certificate nor the intermediate certificates, so the client (OneClick) was unable to verify the certificate presented by Kafka.

Resolution


Transfer the keystore file from the Kafka server to the OneClick server, then restart OneClick Tomcat. After the restart, OneClick communicates with Kafka.

Additional Information

Secure Communication Between OneClick and Kafka Using Client Certificates


Settings in $SPECROOT/tomcat/conf/application-spring.properties:

spring.kafka.security.protocol=SSL
spring.kafka.ssl.trust-store-location=file:/etc/ssl/keystore.pfx
spring.kafka.ssl.trust-store-password=changeit
spring.kafka.ssl.key-store-location=file:/etc/ssl/keystore.pfx
spring.kafka.ssl.key-store-password=changeit
spring.kafka.ssl.key-password=changeit
spring.kafka.bootstrap-servers=<kafkaServerA>:9092,<kafkaServerB>:9092
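
One way to check for the condition described under Cause before restarting Tomcat, as an added example that is not part of the original article: it lists the certificates in the PKCS#12 store and tests whether any of them anchors the chain the broker presents. It assumes the openssl CLI is installed; the function names and broker-chain.pem are hypothetical, and OpenSSL's path building only approximates Java's PKIX validation.

```shell
#!/bin/sh
# Added example, not from the article. Function names are hypothetical.
# Uses the openssl CLI as a stand-in for Java's PKIX path validation.

# list_store_certs STORE PASSWORD
# Print subject and issuer of every certificate held in a PKCS#12 store.
list_store_certs() {
    STORE_PASS="$2" openssl pkcs12 -in "$1" -passin env:STORE_PASS \
        -nokeys 2>/dev/null | grep -E '^(subject|issuer)='
}

# store_anchors_cert STORE PASSWORD CHAIN_PEM
# CHAIN_PEM holds the certificates the broker presents, leaf first.
# Returns 0 if the store anchors the leaf, 1 if no path can be built
# (what Java reports as "PKIX path building failed"), 2 if the store
# cannot be read (missing file, wrong password, not PKCS#12).
store_anchors_cert() {
    anchors=$(mktemp) || return 2
    if ! STORE_PASS="$2" openssl pkcs12 -in "$1" -passin env:STORE_PASS \
            -nokeys -out "$anchors" 2>/dev/null; then
        rm -f "$anchors"
        return 2
    fi
    # -partial_chain: accept any certificate in the store as a trust anchor,
    #   not only self-signed roots.
    # -untrusted: let intermediates sent by the broker complete the path.
    if openssl verify -partial_chain -CAfile "$anchors" \
            -untrusted "$3" "$3" >/dev/null 2>&1; then
        rc=0
    else
        rc=1
    fi
    rm -f "$anchors"
    return "$rc"
}

# Usage against the article's configuration (run on the OneClick server):
#   openssl s_client -connect <kafkaServerA>:9092 -showcerts </dev/null 2>/dev/null |
#       sed -n '/BEGIN CERTIFICATE/,/END CERTIFICATE/p' > broker-chain.pem
#   list_store_certs   /etc/ssl/keystore.pfx changeit
#   store_anchors_cert /etc/ssl/keystore.pfx changeit broker-chain.pem
```

A return code of 1 corresponds to the log entry above: the store is readable but holds nothing that chains to the broker's certificate.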