cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
Data Engineering
Join discussions on data engineering best practices, architectures, and optimization strategies within the Databricks Community. Exchange insights and solutions with fellow data engineers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Databricks <-> Kafka - SSL handshake failed

Jayanth746
New Contributor III

‎11-17-2022 09:36 AM

I am receiving SSL handshake error even though the trust-store I have created is based on server certificate and the fingerprint in the certificate matches the trust-store fingerprint.

kafkashaded.org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed Caused by: java.security.cert.CertPathValidatorException: signature check failed Caused by: java.security.SignatureException: Signature does not match.

df = spark.readStream \

 .format("kafka") \

 .option("kafka.bootstrap.servers","XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX") \

 .option("kafka.security.protocol", "SSL") \

 .option("kafka.ssl.truststore.location",'/dbfs/dbfs/FileStore/Certs/client.truststore1der.jks' )

 .option("kafka.ssl.keystore.location", '/dbfs/dbfs/FileStore/Certs/client.keystore.jks') \

 .option("kafka.ssl.keystore.password", keystore_pass) \

 .option("kafka.ssl.truststore.password", truststore_pass) \

 .option("kafka.ssl.keystore.type", "JKS") \

 .option("kafka.ssl.truststore.type", "JKS") \

 .option("kafka.ssl.endpoint.identification.algorithm","") \

 .option("subscribe","bets")   \

 .load()

  

Labels:
0 Kudos
2 REPLIES 2

Debayan
Databricks Employee
Databricks Employee

‎11-17-2022 11:18 PM

Hi @Jayanth Goulla​ , worth a try ,

https://stackoverflow.com/questions/54903381/kafka-failed-authentication-due-to-ssl-handshake-failed

Did you follow: https://docs.microsoft.com/en-us/azure/databricks/spark/latest/structured-streaming/kafka?

Jayanth746
New Contributor III
In response to Debayan

‎11-18-2022 01:09 AM

Hi @Debayan Mukherjee​ , I have already specified the option  .option("kafka.ssl.endpoint.identification.algorithm","") \.

My error is specific to signature not matching

java.security.SignatureException: Signature does not match.

The 2nd link is not working

image

Preview file
42 KB

Connect with Databricks Users in Your Area

Join a Regional User Group to connect with local Databricks users. Events will be happening in your city, and you won’t want to miss the chance to attend and share knowledge.

If there isn’t a group near you, start one and help create a community that brings people together.

Request a New Group
Announcements