Strimzi cluster CA does not support OCSP check #10330
sudheesh-87
started this conversation in
General
Replies: 1 comment 2 replies
-
The Strimzi CA does not have any OCSP support. I do not think it is causing any problems with Kafka clients by default. So it is likely caused by our own configuration changes or your own environment setup. |
Beta Was this translation helpful? Give feedback.
2 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Hi ,
I'm trying to connect to strimzi cluster using the cluster CA certificate configured as truststore in my Java client but failed in SSL handshake due to no OCSP responder provided in Strimzi CA certificate , is there a way to disable this OCSP check using kafka client SSL configuration ?
j.s.cert.CertPathValidatorException: Certificate does not specify OCSP responder
at s.s.provider.certpath.RevocationChecker.checkOCSP(RevocationChecker.java:746)
at s.s.provider.certpath.RevocationChecker.check(RevocationChecker.java:369)
at s.s.provider.certpath.RevocationChecker.check(RevocationChecker.java:343)
at s.s.p.c.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:125)
... 29 common frames omitted
Suppressed: j.s.cert.CertPathValidatorException: Could not determine revocation status
at s.s.provider.certpath.RevocationChecker.buildToNewKey(RevocationChecker.java:1152)
at s.s.provider.certpath.RevocationChecker.verifyWithSeparateSigningKey(RevocationChecker.java:972)
at s.s.provider.certpath.RevocationChecker.checkCRLs(RevocationChecker.java:611)
at s.s.provider.certpath.RevocationChecker.checkCRLs(RevocationChecker.java:471)
at s.s.provider.certpath.RevocationChecker.check(RevocationChecker.java:400)
... 31 common frames omitted
Beta Was this translation helpful? Give feedback.
All reactions