How to disable Kafka hostname verification for client scripts?

Question

Do you know how can I disable Kafka hostname verification for using Kafka scripts such as kafka-console-consumer.sh?

This is my config right now:

security.protocol=SASL_SSL
ssl.endpoint.identification.algorithm=
sasl.mechanism=JWT

I have set the ssl.endpoint.identification.algorithm to an empty string as you see above, but still I get this error:

Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
    at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:280)
    at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:445)

I call the script as follows:

$KAFKAHOME/bin/kafka-console-consumer.sh \
--consumer.config myconfig.config \
--bootstrap-server  myaddress:myport\
--topic mytopic

Answer 1

I believe your client config is missing a path to the truststore file.

For example, this is my client.properties file

security.protocol=SSL
ssl.truststore.location=/security/server/server-truststore.jks
ssl.endpoint.identification.algorithm=