Roger Johansson asked:
I’m trying to connect to Confluents Kafka Clound using the .NET driver, internally that uses the native RdKafka machinery.
From my machine, the connection fails with a
rdkafka#producer-1| [thrd:sasl_ssl://url_to_cluster: sasl_ssl://url_to_bootstrap: SSL handshake failed: s3_clnt.c:1269: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed: (after 75ms in state CONNECT)
The client has a
EnableSslCertificateVerification property and if I set that to
false it all works fine.
But ignore the .NET and Kafka related info here, just background.
What on my machine is involved here?
Am I missing some form of certs locally?
I do have openssl installed, which afaik trusts a bunch of root certs by default.
It works fine for all coworkers, even mac users on the latest OS updates.
It also works on my machine if I run it from within Docker.
What can I check to resolve this?
You need to have installed the CA certificate that the server’s TLS certificate was signed with. You didn’t provide that information, but you can check the server’s configuration easily enough, e.g.:
openssl s_client -connect <server>:<port> -showcerts
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.