我为Kafka设置了ssl。首先，我通过以下命令创建keystore和trustore：

keytool -keystore server.keystore.jks -alias localhost -validity 1000 -genkey
keytool -importkeystore -srckeystore server.keystore.jks -destkeystore server.keystore.jks    -deststoretype pkcs12

openssl req -new -x509 -keyout ca-key -out ca-cert -days 1000
keytool -keystore server.truststore.jks -alias CARoot -import -file ca-cert
keytool -keystore client.truststore.jks -alias CARoot -import -file ca-cert

keytool -keystore server.keystore.jks -alias localhost -certreq -file cert-file
openssl x509 -req -CA ca-cert -CAkey ca-key -in cert-file -out cert-signed -days 1000 -CAcreateserial   -passin pass:1234
keytool -keystore server.keystore.jks -alias CARoot -import -file ca-cert
keytool -keystore server.keystore.jks -alias localhost -import -file cert-signed

openssl s_client -debug -connect localhost:9093 -tls1_2

然后我配置 server.properties 具体如下：

listeners=PLAINTEXT://localhost:9092,SSL://localhost:9093
security.protocol = SSL
ssl.keystore.location=/opt/hk/bin/cert/kafka/server.keystore.jks
ssl.keystore.password=1234
ssl.key.password=tuhk1234
ssl.truststore.location=/opt/hk/bin/cert/kafka/server.truststore.jks
ssl.truststore.password=1234
ssl.client.auth=none
ssl.enabled.protocols=TLSv1.2
ssl.keystore.type=JKS
ssl.truststore.type=JKS

然后我尝试如下配置producer.properties：

bootstrap.servers=localhost:9093
security.protocol=SSL
ssl.truststore.location=/opt/hk/bin/cert/kafka/client.truststore.jks
ssl.truststore.password=1234
ssl.enabled.protocols=TLSv1.2

我启动生产者如下

./bin/kafka-console-producer.sh --broker-list localhost:9093 --topic test --producer.config ./config/producer.properties

但有以下例外
[2020-08-31 10:35:00136]错误[producer clientid=console producer]连接到节点-1（localhost/127.0.0.1:9093）身份验证失败，原因是：ssl握手失败（org.apache.kafka.clients.networkclient）[2020-08-31 10:35:00，137]警告[producer clientid=console producer]引导代理localhost:9093 （id:-1机架：空）已断开连接（org.apache.kafka.clients.networkclient）
有人能帮忙吗？