Error message: curlCode: 60, SSL peer certificate or SSH remote key was not OK #517

Open
kothapet opened this issue Aug 8, 2023 · 1 comment


kothapet commented Aug 8, 2023

I am getting these errors. Normally in my corporate environment, I patch the Java cacerts with keytool, and I already did that.
However, I see that there is a cacerts folder created at /tmp/amazon-kinesis-producer-native-binaries/cacerts with multiple files under it. I am guessing it has something to do with this.
Any thoughts on how to fix this?

2023-08-08T15:06:39.833-04:00  INFO 8110 --- [kpl-daemon-0003] c.a.s.k.producer.LogInputStreamReader    : [2023-08-08 15:06:39.832754] [0x0000201d][0x00007ff86ab68840] [info] [kinesis_producer.cc:226] Created pipeline for stream "ak-input-stream"
2023-08-08T15:06:39.884-04:00  WARN 8110 --- [kpl-daemon-0003] c.a.s.k.producer.LogInputStreamReader    : [2023-08-08 15:06:39.884027] [0x0000201d][0x00007ff86ab68840] [warning] [AWS Log: ERROR](CurlHttpClient)Curl returned error code 60 - SSL peer certificate or SSH remote key was not OK
2023-08-08T15:06:39.884-04:00  WARN 8110 --- [kpl-daemon-0003] c.a.s.k.producer.LogInputStreamReader    : [2023-08-08 15:06:39.884123] [0x0000201d][0x00007ff86ab68840] [warning] [AWS Log: ERROR](AWSXmlClient)HTTP response code: -1
Resolved remote host IP address: 67.220.243.61
Request ID:
Exception name:
Error message: curlCode: 60, SSL peer certificate or SSH remote key was not OK
0 response headers:

@basapuram-kumar

I got a similar issue with the Kafka Producer; the error is something similar to the above issue.

Error

[2024-02-01 10:52:02,760] ERROR [2024-02-01 10:52:02.760568] [0x00146901][0x00007f4d90e9e700] [error] AWS Log: ERRORCurl returned error code 60 (com.amazonaws.services.kinesis.producer.LogInputStreamReader:64)


[2024-02-01 10:52:02,761] ERROR [2024-02-01 10:52:02.760689] [0x00146901][0x00007f4d90e9e700] [error] [shard_map.cc:150] Shard map update for stream "basa-stream-demo" failed. Code:  Message: Unable to connect to endpoint; retrying in 30000 ms (com.amazonaws.services.kinesis.producer.LogInputStreamReader:64)

I see that the CA path certs are located in the below directory for the Producer.

/tmp/amazon-kinesis-producer-native-binaries/

So the files available here are


root@druidcheck2:~/kafka/kafka_2.12-2.8.2# ll /tmp/amazon-kinesis-producer-native-binaries/

prw-r--r--  1 root root        0 Feb  1 10:38 amz-aws-kpl-in-pipe-b54e6e52|
prw-r--r--  1 root root        0 Feb  1 10:38 amz-aws-kpl-out-pipe-36dfd45a|
-rwxrwxrwx  1 root root     2563 Feb  1 10:37 b204d74a.0*
-rwxr--r--  1 root root 58630072 Feb  1 10:38 kinesis_producer_e9a87c761db92a73eb74519a4468ee71def87eb2*

and

file /tmp/amazon-kinesis-producer-native-binaries/b204d74a.0
/tmp/amazon-kinesis-producer-native-binaries/b204d74a.0: PEM certificate

I suspect that this PEM file, as a CA cert, might not be a valid one, so I copied all the CA certs to this location.

I copied all the CA files from here
https://github.com/awslabs/amazon-kinesis-producer/tree/master/java/amazon-kinesis-producer/src/main/resources/cacerts

and copied them to /tmp/amazon-kinesis-producer-native-binaries/ on the Kafka Connect host.

With that, it's able to pick the valid CA cert out of all the certs.

With the above, I am able to read/submit messages to Kinesis streams.
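An added example, not part of either comment or of the KPL project: a POSIX shell audit of a CA directory like the one listed above, reporting certificates that do not parse, whose file name does not match their subject hash, that have expired, or that are group/world writable (as `b204d74a.0` is in the listing). It assumes the `openssl` CLI is on PATH and that the `.0` files follow OpenSSL's subject-hash naming for CA directories; the function names are illustrative.

```sh
# Added example (not KPL code): audit an OpenSSL-style hashed CA directory.
# Assumes the openssl CLI is on PATH; function names are illustrative.

# Print one finding per line for one certificate file; nothing when clean.
audit_ca_file() (
  f=$1; base=$(basename "$f")
  openssl x509 -in "$f" -noout 2>/dev/null ||
    { echo "$base: not a parseable PEM certificate"; exit 0; }
  # A CA-directory lookup only finds files named <subject_hash>.<n>.
  hash=$(openssl x509 -in "$f" -noout -subject_hash)
  case $base in
    "$hash".[0-9]*) ;;
    *) echo "$base: name does not match subject hash $hash" ;;
  esac
  # -checkend 0 exits non-zero once the certificate has expired.
  openssl x509 -in "$f" -noout -checkend 0 >/dev/null || echo "$base: expired"
  # Whoever can rewrite a trust anchor decides which servers the client trusts.
  perms=$(ls -ld "$f" | cut -c1-10)
  case $perms in
    ?????w????|????????w?) echo "$base: group/world writable ($perms)" ;;
  esac
)

# Audit every certificate file in a directory that also holds other files.
audit_ca_dir() (
  for f in "$1"/*; do
    [ -f "$f" ] || continue                          # skips the KPL named pipes
    head -c 4096 "$f" | grep -q 'BEGIN CERTIFICATE' || continue  # skips binaries
    audit_ca_file "$f"
  done
)

# Constructed sample input: a throwaway self-signed CA stored under its hashed
# name with mode 644. Prints the path of the directory it created.
make_sample_dir() (
  d=$(mktemp -d) || exit 1
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
    -subj '/CN=Constructed Sample CA' \
    -keyout "$d/key.tmp" -out "$d/ca.pem" 2>/dev/null || exit 1
  rm -f "$d/key.tmp"
  h=$(openssl x509 -in "$d/ca.pem" -noout -subject_hash)
  mv "$d/ca.pem" "$d/$h.0" && chmod 644 "$d/$h.0" && echo "$d"
)

# Usage: sh audit.sh /tmp/amazon-kinesis-producer-native-binaries
if [ "$#" -gt 0 ]; then audit_ca_dir "$1"; fi
```

A clean directory produces no output; each line printed names the file and the problem found.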
