ssl.endpoint.identification.algorithm not working #41

Open
deadmandrive opened this issue Oct 12, 2022 · 1 comment

@deadmandrive

Hi Lenses team. I have a Kafka cluster with SASL SSL SCRAM-512 authentication. I installed multiple UIs for Kafka and they are working with ssl.endpoint.identification.algorithm= " " . But when I try to use Lenses as the Kafka UI, I add additional config with ssl.endpoint.identification.algorithm= " " but it errors on the test and says the TLS handshake failed.

org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed
Caused by: javax.net.ssl.SSLHandshakeException: Unknown identification algorithm: " "
        at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:350)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:293)
        at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:288)
        at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1356)
        at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1231)
        at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1174)
        at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:392)
        at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:444)
        at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1074)
        at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1061)
        at java.base/java.security.AccessController.doPrivileged(Native Method)
        at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1008)
        at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:430)
        at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:514)
        at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:368)
        at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:291)
        at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:178)
        at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543)
        at org.apache.kafka.common.network.Selector.poll(Selector.java:481)
        at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:561)
        at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.processRequests(KafkaAdminClient.java:1333)
        at org.apache.kafka.clients.admin.KafkaAdminClient$AdminClientRunnable.run(KafkaAdminClient.java:1264)
        at java.base/java.lang.Thread.run(Thread.java:834)
Caused by: java.security.cert.CertificateException: Unknown identification algorithm: " "
        at java.base/sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:462)
        at java.base/sun.security.ssl.X509TrustManagerImpl.checkIdentity(X509TrustManagerImpl.java:415)
        at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:283)
        at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:141)
        at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1334)
        ... 19 common frames omitted


I really need some help to solve this issue. Also, I can't recreate the cert because there are devs using this Kafka cluster.

@raphaelpfl

raphaelpfl commented Nov 21, 2022

We found a workaround by creating a YAML file:

e.g.:

connections:
  zookeeper:
    templateName: Zookeeper
    configurationObject:
      zookeeperUrls:
        - zoo1:2181
        - zoo2:2181
        - zoo3:2181
      zookeeperSessionTimeout: 10000 # in milliseconds
      zookeeperConnectionTimeout: 10000 # in milliseconds
  kafka: # Constant connection name
    templateName: Kafka
    configurationObject:
      protocol: SASL_SSL
      kafkaBootstrapServers:
        - SASL_SSL://kafka1:9093
        - SASL_SSL://kafka2:9093
        - SASL_SSL://kafka3:9093
      sslTruststore:
        fileRef:
          filePath: /files/kafka.server.truststore.jks
      sslTruststorePassword: XXX
      saslMechanism: PLAIN
      saslJaasConfig: |
        org.apache.kafka.common.security.plain.PlainLoginModule required
        username="XXX"
        password="XXX";
      additionalProperties:
        ssl.endpoint.identification.algorithm: ""
  schema-registry:
    templateName: SchemaRegistry
    configurationObject:
      schemaRegistryUrls:
        - http://schema-reg1:8081
        - http://schema-reg2:8081
        - http://schema-reg3:8081
  kafka-connect-qas:
    templateName: KafkaConnect
    configurationObject:
      workers:
        - http://kafka-conn1:8083
        - http://kafka-conn2:8083
        - http://kafka-conn3:8083

and run lenses-cli (docker) to apply the configuration to the Lenses application.
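An added example, not part of the issue thread or of Lenses: a small audit of Kafka client properties that applies the rule behind the `X509TrustManagerImpl.checkIdentity` frames in the stack trace above. An empty value skips hostname verification, HTTPS/LDAP/LDAPS (case-insensitive) enable it, and any other non-empty string fails the handshake with "Unknown identification algorithm". The function names and sample inputs are constructed for illustration, and the parser assumes plain `key=value` lines.

```python
KEY = "ssl.endpoint.identification.algorithm"
KNOWN = {"https", "ldap", "ldaps"}  # names the JDK accepts, case-insensitively


def parse_properties(text):
    """Minimal .properties reader: key=value lines, '#' or '!' comments.
    As in java.util.Properties, whitespace after '=' is skipped, while
    trailing whitespace and quote characters stay part of the value."""
    props = {}
    for raw in text.splitlines():
        line = raw.lstrip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.lstrip()
    return props


def classify(value):
    """Map the configured value to what happens during the TLS handshake."""
    if value is None:
        return "default"    # key absent: Kafka clients 2.0+ default to https
    if value == "":
        return "disabled"   # no hostname check against the broker certificate
    if value.lower() in KNOWN:
        return "verified"
    return "rejected"       # JDK throws "Unknown identification algorithm"


def audit(text):
    value = parse_properties(text).get(KEY)
    return classify(value), value


# Constructed sample inputs (not taken from a real deployment).
SAMPLES = {
    "quoted space": 'security.protocol=SASL_SSL\n' + KEY + '= " "\n',
    "empty": 'security.protocol=SASL_SSL\n' + KEY + '=\n',
    "https": KEY + '=HTTPS\n',
    "absent": 'security.protocol=SASL_SSL\n',
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        status, value = audit(text)
        print(f"{name:13} value={value!r:8} -> {status}")
```

A "disabled" result means the client no longer checks that the broker certificate matches the host it connected to, so trust rests on the truststore contents alone.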
