SSL issue Logstash sending logs to a Kafka instance

We are getting an SSL error sending to Kafka from Logstash. We generated a CSR, which was signed by Kafka's CA. Then we took the pub and private key and converted them to PKCS12 format with openssl, with something like this:
openssl pkcs12 -export -in cert-with-chain.pem -inkey cert.key -name "<name>" -out keystore.p12

Then we took the p12 file and created a JKS with this:
keytool -importkeystore -srckeystore src.keystore -srcstoretype pkcs12 -srcalias "<alias>" -destkeystore dest.keystore -deststoretype jks

For the truststore, we used the Root CA public key and imported it into a JKS as well. If anyone has any tips on where to look next, or how to troubleshoot this error, it would be greatly appreciated.

Here is the error message from our Logstash log:
[2022-08-19T15:08:06,615][INFO ][org.apache.kafka.common.network.Selector] [Producer clientId=producer-1] Failed authentication with soc-queue-prod-02.it.vt.edu/198.82.161.168 (SSL handshake failed)
[2022-08-19T15:08:06,615][ERROR][org.apache.kafka.clients.NetworkClient] [Producer clientId=producer-1] Connection to node -2 (soc-queue-prod-02.it.vt.edu/198.82.161.168:9092) failed authentication due to: SSL handshake failed
[2022-08-19T15:08:06,615][WARN ][org.apache.kafka.clients.NetworkClient] [Producer clientId=producer-1] Bootstrap broker soc-queue-prod-02.it.vt.edu:9092 (id: -2 rack: null) disconnected

Here is our output plugin:
output {
  if [module] =~ "zeek" and [dataset] =~ "conn" {
    kafka {
      id => "events_to_kafka"
      bootstrap_servers => "soc-queue-prod-01.it.vt.edu:9092,soc-queue-prod-02.it.vt.edu:9092,soc-queue-prod-03.it.vt.edu:9092,soc-queue-prod-04.it.vt.edu:9092,soc-queue-prod-05.it.vt.edu:9092,soc-queue-prod-06.it.vt.edu:9092,soc-queue-prod-07.it.vt.edu:9092,soc-queue-prod-08.it.vt.edu:9092,soc-queue-prod-09.it.vt.edu:9092"
      topic_id => "soc-queue-itso"
      codec => "json"
      security_protocol => "SSL"
      ssl_keystore_location => "/usr/share/logstash/data/cliffbar.iso.vt.edu.jks"
      ssl_keystore_password => "password"
      ssl_truststore_location => "/usr/share/logstash/data/LAAca.jks"
      #ssl_truststore_location => "/opt/logstash/certs/LAAca.jks"
      ssl_truststore_password => "password"
      retries => 0
      ssl_endpoint_identification_algorithm => ""
    }
  }
}
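
A check that can be run on the PEM and PKCS12 files described above before they are converted to JKS, as an added example that is not part of the original post: it confirms that the certificate chains to the root CA, that the private key belongs to the certificate, and counts what the PKCS12 file holds. The function names, file names, the password `changeit` and the throwaway CA are constructed for the demo.

```shell
#!/bin/sh
# check_client_material CERT_WITH_CHAIN KEY ROOT_CA
# 0 = OK, 1 = leaf does not chain to ROOT_CA, 2 = KEY does not match the leaf.
check_client_material() {
    chain=$1 key=$2 root=$3
    # First certificate in the file is the leaf; the rest serve as intermediates.
    openssl verify -CAfile "$root" -untrusted "$chain" "$chain" >/dev/null 2>&1 || return 1
    cert_pub=$(openssl x509 -in "$chain" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ] || return 2
}

# p12_summary FILE PASSWORD: prints "<certificate count> <private key count>".
p12_summary() {
    certs=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null \
        | grep -c 'BEGIN CERTIFICATE' || true)
    keys=$(openssl pkcs12 -in "$1" -passin "pass:$2" -nocerts -nodes 2>/dev/null \
        | grep -c 'BEGIN.*PRIVATE KEY' || true)
    printf '%s %s\n' "$certs" "$keys"
}

# Constructed demo material: a throwaway root CA, a client certificate it signs,
# the PKCS12 export from the post, and an unrelated key for the failure case.
make_demo() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Constructed Root CA" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null
    openssl req -newkey rsa:2048 -nodes -subj "/CN=logstash.example.test" \
        -keyout "$d/cert.key" -out "$d/cert.csr" 2>/dev/null
    openssl x509 -req -in "$d/cert.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/cert.pem" 2>/dev/null
    cat "$d/cert.pem" "$d/ca.pem" > "$d/cert-with-chain.pem"
    openssl pkcs12 -export -in "$d/cert-with-chain.pem" -inkey "$d/cert.key" \
        -name client -passout pass:changeit -out "$d/keystore.p12"
    openssl genpkey -algorithm RSA -out "$d/other.key" 2>/dev/null
}

demo=$(mktemp -d)
make_demo "$demo"
check_client_material "$demo/cert-with-chain.pem" "$demo/cert.key" "$demo/ca.pem"
echo "matching key: rc=$?"
check_client_material "$demo/cert-with-chain.pem" "$demo/other.key" "$demo/ca.pem"
echo "unrelated key: rc=$?"
echo "keystore.p12 holds (certs keys): $(p12_summary "$demo/keystore.p12" changeit)"
```

A keystore entry that carries only the leaf certificate, or a key that does not match it, shows up here before Logstash or Kafka is involved.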
