Hi Janez.  I'm not sure what might be going wrong with the SSL support.  We'll need to try and reproduce that locally.  One thing I should mention though is that you're using a deprecated storage mechanism.  You should be using this docker image if you want to use Kafka as the storage:

apicurio/apicurio-registry-streams

That uses Kafka Streams for storage - the plain kafka variant was deprecated some time ago and will be removed in the next major release.

-Eric


On Sat, Nov 21, 2020 at 9:55 AM Janez Bindas <janez.bindas@gmail.com> wrote:
Hi all,

We have a problem with settings of Apicurio Schema Registry. We have basic configuration of Kafka cluster with SSL. But when we try to connect Apicurio with Kafka we get errors.

This is our docker script to run Apicurio. 

docker run -it --env KAFKA_BOOTSTRAP_SERVERS=b-3.dev.kdm41f.c4.kafka.eu-central-1.amazonaws.com:9094 --env 'JAVA_OPTIONS=-Dquarkus.profile=prod -D%prod.registry.streams.topology.security.protocol=SSL -D%prod.registry.kafka.snapshot-consumer.security.protocol=SSL -Dsecurity.protocol=SSL' apicurio/apicurio-registry-kafka:latest


Output:

…..
        sasl.login.refresh.window.jitter = 0.05
sasl.mechanism = GSSAPI
security.protocol = PLAINTEXT
security.providers = null
send.buffer.bytes = 131072
…..
sasl.login.refresh.window.jitter = 0.05
sasl.mechanism = GSSAPI
security.protocol = SSL
security.providers = null
send.buffer.bytes = 131072
…..

I think that the first time Apicurio tries to connect it connects with PLAINTEXT (in red) and second times it connects with SSL (in red). 

Can you please help me to configurate Apicurio that use SSL? 

Regards Janez Bindas 

_______________________________________________
Apicurio mailing list -- apicurio@lists.jboss.org
To unsubscribe send an email to apicurio-leave@lists.jboss.org


--
Eric Wittmann
Principal Software Engineer - Apicurio - Red Hat
He / Him / His
eric.wittmann@redhat.com