A kafkaconnect MONGDB with TLS and TLS auth has been successfully deployed and then a source type kafkaconnector in a kubernetes environment.
kubectl get kc
NAME DESIRED REPLICAS READY
mongodb-connect-community 1 True
kubectl get kctr
NAME CLUSTER CONNECTOR CLASS MAX TASKS READY
mongodb-source-unix mongodb-connect-community com.mongodb.kafka.connect.MongoSourceConnector 1 True
MONGODB collections have been synchronized to a topic in KAFKA.
Once this is achieved, I want to configure the TLS access to the mongodb database.
The connection uri field without TLS is this and it works.
connection.uri: mongodb://user:xxxx@mongorep-0.mongorep.enterprise-canary.svc.cluster.local/?replicaSet=mongorep
Tested with TLS but not working
connection.uri: mongodb://user:xxxx@mongorep-0.mongorep.enterprise-canary.svc.cluster.local/?replicaSet=mongorep&tls=true&tlsCAFile=/home/kafka/ca.crt
The following error appears in the logs:
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
at java.base/sun.security.validator.Validator.validate(Validator.java:264)
at java.base/sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:313)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:222)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:129)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1340)
... 24 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
Has anyone tried to configure TLS access to the MONGODB DB?