I am trying to configure Kafka with SSL, but when I start Kafka I get this error:

    [2019-08-12 12:28:15,506] INFO Awaiting socket connections on localhost:9093. (kafka.network.Acceptor)
    [2019-08-12 12:28:17,014] ERROR [KafkaServer id=0] Fatal error during KafkaServer startup. Prepare to shutdown (kafka.server.KafkaServer)
    org.apache.kafka.common.KafkaException: org.apache.kafka.common.config.ConfigException: Invalid value javax.net.ssl.SSLHandshakeException: General SSLEngine problem for configuration A client SSLEngine created with the provided settings can't connect to a server SSLEngine created with those settings.
        at org.apache.kafka.common.network.SslChannelBuilder.configure(SslChannelBuilder.java:73)
        at org.apache.kafka.common.network.ChannelBuilders.create(ChannelBuilders.java:146)
        at org.apache.kafka.common.network.ChannelBuilders.serverChannelBuilder(ChannelBuilders.java:85)
        at kafka.network.Processor.<init>(SocketServer.scala:726)
        at kafka.network.SocketServer.newProcessor(SocketServer.scala:367)
        at kafka.network.SocketServer.$anonfun$addDataPlaneProcessors$1(SocketServer.scala:261)
        at scala.collection.immutable.Range.foreach$mVc$sp(Range.scala:158)
        at kafka.network.SocketServer.addDataPlaneProcessors(SocketServer.scala:260)
        at kafka.network.SocketServer.$anonfun$createDataPlaneAcceptorsAndProcessors$1(SocketServer.scala:223)
        at kafka.network.SocketServer.$anonfun$createDataPlaneAcceptorsAndProcessors$1$adapted(SocketServer.scala:220)
        at scala.collection.mutable.ResizableArray.foreach(ResizableArray.scala:62)
        at scala.collection.mutable.ResizableArray.foreach$(ResizableArray.scala:55)
        at scala.collection.mutable.ArrayBuffer.foreach(ArrayBuffer.scala:49)
        at kafka.network.SocketServer.createDataPlaneAcceptorsAndProcessors(SocketServer.scala:220)
        at kafka.network.SocketServer.startup(SocketServer.scala:120)
        at kafka.server.KafkaServer.startup(KafkaServer.scala:255)
        at io.confluent.support.metrics.SupportedServerStartable.startup(SupportedServerStartable.java:114)
        at io.confluent.support.metrics.SupportedKafka.main(SupportedKafka.java:66)
    Caused by: org.apache.kafka.common.config.ConfigException: Invalid value javax.net.ssl.SSLHandshakeException: General SSLEngine problem for configuration A client SSLEngine created with the provided settings can't connect to a server SSLEngine created with those settings.
        at org.apache.kafka.common.security.ssl.SslFactory.configure(SslFactory.java:98)
        at org.apache.kafka.common.network.SslChannelBuilder.configure(SslChannelBuilder.java:71)
        ... 17 more
    [2019-08-12 12:28:17,017] INFO [KafkaServer id=0] shutting down (kafka.server.KafkaServer)

This is what I have done:

- 1) Create a Certificate Authority. The generated CA is a public-private key pair and certificate used to sign other certificates. A CA is responsible for signing certificates.

      openssl req -new -newkey rsa:4096 -days 365 -x509 -subj "/CN=Kafka-Security-CA" -keyout ca-key -out ca-cert -nodes

- 2) Create a Kafka broker certificate:

      keytool -genkey -keystore kafka.server.keystore.jks -validity 365 -storepass serversecret -keypass serversecret -dname "CN=localhost" -storetype pkcs12

- 3) Get the signed version of the certificate:

      keytool -keystore kafka.server.keystore.jks -certreq -file cert-file -storepass serversecret -keypass serversecret

- 4) Sign the certificate with the CA:

      openssl x509 -req -CA ca-cert -CAkey ca-key -in cert-file -out cert-signed -days 365 -CAcreateserial -passin pass:serversecret

- 5) Create a truststore by importing the CA public certificate so that the Kafka broker trusts all certificates which have been issued by our CA:

      keytool -keystore kafka.server.truststore.jks -alias CARoot -import -file ca-cert -storepass serversecret -keypass serversecret -noprompt

- 6) Import the signed certificate in the keystore:

      keytool -keystore kafka.server.keystore.jks -alias CARoot -import -file ca-cert -storepass serversecret -keypass serversecret -noprompt

- 7) Configure server.properties:

      listeners=PLAINTEXT://localhost:9092,SSL://localhost:9093
      advertised.listeners=PLAINTEXT://localhost:9092,SSL://localhost:9093
      zookeeper.connect=localhost:2181
      ssl.keystore.location=/home/xrobot/confluent-5.3.0-community/kafka.server.keystore.jks
      ssl.keystore.password=serversecret
      ssl.key.password=serversecret
      ssl.truststore.location=/home/xrobot/confluent-5.3.0-community/kafka.server.truststore.jks
      ssl.truststore.password=serversecret
      security.inter.broker.protocol=SSL
      ssl.client.auth=required
      ssl.endpoint.identification.algorithm=https

EDIT: I removed https from "ssl.endpoint.identification.algorithm=https" and now I get this error: