Hello,
I understand that you are attempting to use an IoT rule to send messages to a self-deployed Kafka cluster topic, which is SSL-enabled. However, the IoT rule is failing and you are receiving the following error message:
"KafkaAction failed to send a message to the specified bootstrap servers. Failed to process post-handshake messages. Message arrived on: NEL/telemetry, Action: kafka, topic: iot.redpanda.topic, bootstrap.servers: backbone-0.redpanda.devops.h2.theagilehub.net:31169,backbone-1.redpanda.devops.h2.theagilehub.net:31169,backbone-2.redpanda.devops.h2.theagilehub.net:31169"
Making some changes in the VPC network configuration might help in this scenario. If you are using a self-signed CA for the Kafka cluster, and providing it to the KafkaAction in the IoT Core rule via a PKCS12-formatted truststore stored in Secrets Manager as a binary secret, create an X.509 cert and private key from the self-signed CA, generate a keystore in PKCS12 format, and store it in Secrets Manager as a binary secret. To access the binaries from Secrets Manager, use the get_secret method in your rule's configuration. Your IAM role should have a policy allowing access to these secrets. The truststore and keystore are both password protected. Also, try switching to SSL from SASL_SSL, or vice versa, in a different region and test it.
Please refer to the below link for more information on this security mechanism supported regions.
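The keystore steps from the answer above, written out with OpenSSL and the AWS CLI as an added example that is not part of the original thread. The CA file names, certificate subjects, secret name and the `KS_PASS` variable are assumptions; `check_keystore` confirms that the keystore opens with the password and that its certificate chains to the CA before anything is uploaded.

```shell
#!/bin/sh
# Added example (not from the thread). File names, subjects and the secret
# name are constructed. The keystore password is read from the exported
# variable KS_PASS so it never appears on a command line.
set -eu
umask 077   # private keys below are written unencrypted; keep them owner-only

# Constructed stand-in for the existing self-signed CA. Skip this when
# ca.key and ca.pem are already present in the working directory $1.
make_demo_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -subj "/CN=example-kafka-ca" \
    -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# Issue a client key and X.509 cert signed by the CA, then bundle both
# (plus the CA cert) into a password-protected PKCS12 keystore.
make_keystore() {
  openssl req -newkey rsa:2048 -nodes -subj "/CN=example-iot-rule-client" \
    -keyout "$1/client.key" -out "$1/client.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/client.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 365 -out "$1/client.pem" 2>/dev/null &&
  openssl pkcs12 -export -name example-client -inkey "$1/client.key" \
    -in "$1/client.pem" -certfile "$1/ca.pem" \
    -passout env:KS_PASS -out "$1/keystore.p12"
}

# Pre-upload check: the keystore must open with KS_PASS, and the client
# cert inside it must verify against the CA the brokers are meant to trust.
check_keystore() {
  openssl pkcs12 -in "$1/keystore.p12" -passin env:KS_PASS -nokeys -clcerts \
    -out "$1/extracted.pem" 2>/dev/null || return 1
  openssl verify -CAfile "$1/ca.pem" "$1/extracted.pem" >/dev/null 2>&1
}

# Store the keystore as a binary secret; $2 is the secret name (placeholder).
upload_keystore() {
  aws secretsmanager create-secret --name "$2" \
    --secret-binary "fileb://$1/keystore.p12"
}
```

Run `make_keystore` and `check_keystore` against the directory holding `ca.pem` and `ca.key`, and call `upload_keystore` only after the check passes.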
Thanks for your response. I do understand and have used that mainly, but can you be more elaborative about the network setup which is required? Also, if it's a certificate issue, the error should be related to the SSL handshake, isn't it true?