Question
ING Bank N.V.
NL
Last activity: 10 Jun 2024 13:41 EDT
Pega Platform fails to authenticate to Kafka cluster using mTLS
Hi, We are working on externalizing Kafka and we are facing a problem with the authentication, even though we have placed the Kafka cluster certificate in the (truststore.jks) file and updated the (keystore.jks) with a valid certificate we see the following error message:
Failed authentication with internal.kafka.domain/10.0.0.x (SSL handshake failed)
Here's a snippet of the stream service values for my environment:
stream:
enabled: true
bootstrapServer: "broker1.srv:9093, broker2.srv:9093, broker3.srv:9093, broker4.srv:9093"
securityProtocol: SSL
trustStore: "truststore.jks"
trustStorePassword: "xxxxxxx"
keyStore: "keystore.jks"
keyStorePassword: "xxxxxxx"
jaasConfig: ""
saslMechanism: PLAIN
streamNamePattern: "pega-{stream.name}"
replicationFactor: "1"
external_secret_name: ""
** It's important to mention that our cluster expects mTLS as the authentication method.
Cheers, Mina
Accepted Solution
Updated: 8 May 2024 11:05 EDT
Pegasystems Inc.
GB
Pega Infinity supports mutual TLS (mTLS) for securing connections to external Kafka clusters. The error message you're seeing typically indicates a problem with the SSL handshake process, which could be due to a variety of reasons. It could be that the certificates are not correctly configured, the truststore or keystore password is incorrect, or there could be a mismatch between the security protocol expected by your Kafka cluster and the one configured in Pega. Please double-check your configuration and ensure that the certificates, passwords, and security protocol are correctly set up.
This is a GenAI-powered tool. All generated answers require validation against the provided references.
Kafka configuration instance - properties file - error connecting to external Kafka
External Kafka in your deployment > Traffic encryption between Pega and your
Connecting a Pega Platform virtual machine deployment to use a streaming servic
If you need further help, please log a support ticket via the MSP.
Charles Schwab
US
Accepted Solution
Updated: 8 May 2024 11:05 EDT
Pegasystems Inc.
GB
Pega Infinity supports mutual TLS (mTLS) for securing connections to external Kafka clusters. The error message you're seeing typically indicates a problem with the SSL handshake process, which could be due to a variety of reasons. It could be that the certificates are not correctly configured, the truststore or keystore password is incorrect, or there could be a mismatch between the security protocol expected by your Kafka cluster and the one configured in Pega. Please double-check your configuration and ensure that the certificates, passwords, and security protocol are correctly set up.
This is a GenAI-powered tool. All generated answers require validation against the provided references.
Kafka configuration instance - properties file - error connecting to external Kafka
External Kafka in your deployment > Traffic encryption between Pega and your
Connecting a Pega Platform virtual machine deployment to use a streaming servic
If you need further help, please log a support ticket via the MSP.
Charles Schwab
US
@MarijeSchillern - Thank you. We are able to solve this issue.
When passing the certificate in prconfig we are observed the Node level certificate is being skipped. Created a separate JKS and uploaded both Node level cert and authentication based cert and passed in prconfig.xml.