Now I have two JKS files: kafka.client.truststore.jks and client.keystore.jks. However, the Python connection libraries all use PEM file authentication, so I tried to convert these two files into PEM by following this post: Connect to Apache Kafka from Python using SSL, and got this exception:

    Traceback (most recent call last):
      File "/Users/luke/Code/python/mykafka/mykafka.py", line 10, in <module>
        ssl_keyfile='/Users/luke/Code/java/kafka-keys/key.pem')
      File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/site-packages/kafka/producer/kafka.py", line 328, in __init__
        **self.config)
      ... ...
      File "/Library/Frameworks/Python.framework/Versions/3.5/lib/python3.5/ssl.py", line 633, in do_handshake
        self._sslobj.do_handshake()
    ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:645)

I received these two JKS files from others, so I don't know what the aliases for these JKS files are. I followed this Q&A: How to check certificate name and alias in keystore files? to list all the aliases and found only one, so I used it in the way the post describes.
My commands to create the PEM files are the following:

    keytool -list -keystore .keystore
    keytool -exportcert -alias kafka-client -keystore kafka.client.keystore.jks -rfc -file certificate.pem
    keytool -v -importkeystore -srckeystore kafka.client.keystore.jks -srcalias kafka-client -destkeystore cert_and_key.p12 -deststoretype PKCS12
    openssl pkcs12 -in cert_and_key.p12 -nocerts -nodes
    keytool -exportcert -alias ca -keystore kafka.client.truststore.jks -rfc -file CARoot.pem

I wonder what's wrong; I tried these two JKS files in Java and they work well.