Hello,
I understand that you are attempting to use an IoT rule to send messages to a topic on a self-deployed Kafka cluster, which is SSL-enabled. However, the IoT rule is failing and you are receiving the following error message:
"KafkaAction failed to send a message to the specified bootstrap servers. Failed to process post-handshake messages. Message arrived on: NEL/telemetry, Action: kafka, topic: iot.redpanda.topic, bootstrap.servers: backbone-0.redpanda.devops.h2.theagilehub.net:31169,backbone-1.redpanda.devops.h2.theagilehub.net:31169,backbone-2.redpanda.devops.h2.theagilehub.net:31169"
Making some changes to the VPC network configuration might help in this scenario. If you are using a self-signed CA for the Kafka cluster and providing it to the KafkaAction in the IoT Core rule via a PKCS12-formatted truststore stored in Secrets Manager as a binary secret, create an X.509 certificate and private key from the self-signed CA, generate a keystore in PKCS12 format, and store it in Secrets Manager as a binary secret. To access the binaries from Secrets Manager, use the get_secret method in your rule's configuration. Your IAM role should have a policy allowing access to these secrets, as the truststore and keystore are both password protected. Also try switching to SSL from SASL_SSL, or vice versa, in a different region and test it.
Please refer to the link below for more information on the regions where this security mechanism is supported.
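A small check for the configuration the answer above describes, added here as an example that is not part of the original answer or AWS's own code: it inspects a Kafka action's `clientProperties` and reports truststore or keystore entries that are not read through `get_secret` as `SecretBinary`. The secret names, role ARN and sample values are constructed, and flagging literal passwords is this example's own choice.

```python
import re

# ${get_secret('<name>', '<type>', ['<json key>',] '<role ARN>')}
GET_SECRET = re.compile(
    r"^\$\{get_secret\(\s*'([^']+)'\s*,\s*'(SecretBinary|SecretString)'\s*"
    r"(?:,\s*'[^']*'\s*)?,\s*'(arn:aws:iam::\d{12}:role/[^']+)'\s*\)\}$")

def parse_secret(value):
    """Return (secret name, secret type, role ARN), or None for a literal."""
    m = GET_SECRET.match(value or "")
    return m.groups() if m else None

def lint(props):
    """Check a Kafka action's clientProperties against the answer's steps."""
    findings, roles = [], set()
    if props.get("security.protocol") not in ("SSL", "SASL_SSL"):
        findings.append("security.protocol: expected SSL or SASL_SSL")
    for store in ("ssl.truststore", "ssl.keystore"):
        ref = parse_secret(props.get(store))
        if ref is None:
            findings.append(f"{store}: not a get_secret reference")
        elif ref[1] != "SecretBinary":
            findings.append(f"{store}: PKCS12 store must be read as SecretBinary")
        else:
            roles.add(ref[2])
        password = props.get(f"{store}.password")
        if not password:
            findings.append(f"{store}.password: missing")
        elif parse_secret(password) is None:
            # This example's own hardening choice, not an AWS requirement.
            findings.append(f"{store}.password: literal in the rule definition")
    return findings, sorted(roles)  # these roles must be allowed to read the secrets

ROLE = "arn:aws:iam::123456789012:role/iot-kafka-secrets"  # constructed

def secret_ref(name, kind):
    return f"${{get_secret('{name}', '{kind}', '{ROLE}')}}"

SAMPLE = {  # constructed; only the broker address comes from the question
    "bootstrap.servers": "backbone-0.redpanda.devops.h2.theagilehub.net:31169",
    "security.protocol": "SSL",
    "ssl.truststore": secret_ref("kafka_truststore", "SecretBinary"),
    "ssl.truststore.password": secret_ref("kafka_truststore_pw", "SecretString"),
    "ssl.keystore": secret_ref("kafka_keystore", "SecretString"),  # wrong type
    "ssl.keystore.password": "changeit",                           # literal
}

if __name__ == "__main__":
    for finding in lint(SAMPLE)[0]:
        print(finding)
```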
Thanks for your response. I do understand and have used that mainly, but can you elaborate more on the network setup that is required? Also, if it's a certificate issue, the error should be related to the SSL handshake, isn't that true?