I am using a WebSphere EJB application and I need to configure a Kafka producer. Not sure why it is throwing org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed. We don't have any SSL certs configured but are using SASL PLAIN authentication. Here is the method that sets the config properties:
    import java.util.Properties;
    import org.apache.kafka.clients.producer.KafkaProducer;
    import org.apache.kafka.clients.producer.Producer;

    private Producer<String, String> setProducer() {
        Properties props = new Properties();
        props.put("bootstrap.servers", "server.confluent.cloud:9092");
        // SASL/PLAIN credentials for the broker
        props.put("sasl.mechanism", "PLAIN");
        props.put("sasl.jaas.config", "org.apache.kafka.common.security.plain.PlainLoginModule required username=\"DR45F4GSVVDGT\" password=\"xxx\";");
        // SASL_SSL: SASL authentication carried over a TLS connection
        props.put("security.protocol", "SASL_SSL");
        props.put("key.serializer", "org.apache.kafka.common.serialization.StringSerializer");
        props.put("value.serializer", "org.apache.kafka.common.serialization.StringSerializer");
        Producer<String, String> producer = new KafkaProducer<>(props);
        return producer;
    }
I am using JDK 8 and Kafka-client-2.7. Unfortunately I need to get this working in the WebSphere environment. Below is the full exception. Any help would be greatly appreciated.
[1/13/23 3:25:55:921 CST] 000002f3 SystemErr R org.apache.kafka.common.errors.SslAuthenticationException: SSL handshake failed
[1/13/23 3:25:55:921 CST] 000002f3 SystemErr R Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
[1/13/23 3:25:55:921 CST] 000002f3 SystemErr R at com.ibm.jsse2.D.z(D.java:472)
[1/13/23 3:25:55:921 CST] 000002f3 SystemErr R at com.ibm.jsse2.aq.b(aq.java:349)
[1/13/23 3:25:55:921 CST] 000002f3 SystemErr R at com.ibm.jsse2.aq.c(aq.java:304)
[1/13/23 3:25:55:922 CST] 000002f3 SystemErr R at com.ibm.jsse2.aq.wrap(aq.java:194)
[1/13/23 3:25:55:922 CST] 000002f3 SystemErr R at javax.net.ssl.SSLEngine.wrap(SSLEngine.java:21)
[1/13/23 3:25:55:922 CST] 000002f3 SystemErr R at org.apache.kafka.common.network.SslTransportLayer.handshakeWrap(SslTransportLayer.java:478)
[1/13/23 3:25:55:922 CST] 000002f3 SystemErr R at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:341)
[1/13/23 3:25:55:922 CST] 000002f3 SystemErr R at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:291)
[1/13/23 3:25:55:922 CST] 000002f3 SystemErr R at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:173)
[1/13/23 3:25:55:922 CST] 000002f3 SystemErr R at org.apache.kafka.common.network.Selector.pollSelectionKeys(Selector.java:543)
[1/13/23 3:25:55:922 CST] 000002f3 SystemErr R at org.apache.kafka.common.network.Selector.poll(Selector.java:481)
[1/13/23 3:25:55:922 CST] 000002f3 SystemErr R at org.apache.kafka.clients.NetworkClient.poll(NetworkClient.java:563)
[1/13/23 3:25:55:922 CST] 000002f3 SystemErr R at org.apache.kafka.clients.producer.internals.Sender.runOnce(Sender.java:325)
[1/13/23 3:25:55:922 CST] 000002f3 SystemErr R at org.apache.kafka.clients.producer.internals.Sender.run(Sender.java:240)
[1/13/23 3:25:55:922 CST] 000002f3 SystemErr R at java.lang.Thread.run(Thread.java:785)
[1/13/23 3:25:55:922 CST] 000002f3 SystemErr R Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
[1/13/23 3:25:55:922 CST] 000002f3 SystemErr R at com.ibm.jsse2.k.a(k.java:6)
[1/13/23 3:25:55:923 CST] 000002f3 SystemErr R at com.ibm.jsse2.aq.a(aq.java:113)
[1/13/23 3:25:55:923 CST] 000002f3 SystemErr R at com.ibm.jsse2.D.a(D.java:91)
[1/13/23 3:25:55:923 CST] 000002f3 SystemErr R at com.ibm.jsse2.D.a(D.java:74)
[1/13/23 3:25:55:923 CST] 000002f3 SystemErr R at com.ibm.jsse2.E.a(E.java:307)
[1/13/23 3:25:55:923 CST] 000002f3 SystemErr R at com.ibm.jsse2.E.a(E.java:121)
[1/13/23 3:25:55:923 CST] 000002f3 SystemErr R at com.ibm.jsse2.D.r(D.java:223)
[1/13/23 3:25:55:923 CST] 000002f3 SystemErr R at com.ibm.jsse2.D$b.a(D$b.java:3)
[1/13/23 3:25:55:923 CST] 000002f3 SystemErr R at com.ibm.jsse2.D$b.run(D$b.java:4)
[1/13/23 3:25:55:923 CST] 000002f3 SystemErr R at java.security.AccessController.doPrivileged(AccessController.java:686)
[1/13/23 3:25:55:923 CST] 000002f3 SystemErr R at com.ibm.jsse2.D$c.run(D$c.java:10)
[1/13/23 3:25:55:923 CST] 000002f3 SystemErr R at org.apache.kafka.common.network.SslTransportLayer.runDelegatedTasks(SslTransportLayer.java:430)
[1/13/23 3:25:55:923 CST] 000002f3 SystemErr R at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:514)
[1/13/23 3:25:55:923 CST] 000002f3 SystemErr R at org.apache.kafka.common.network.SslTransportLayer.doHandshake(SslTransportLayer.java:368)
[1/13/23 3:25:55:923 CST] 000002f3 SystemErr R ... 8 more
[1/13/23 3:25:55:923 CST] 000002f3 SystemErr R Caused by: com.ibm.jsse2.util.h: PKIX path building failed: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=ISRG Root X1, O=Internet Security Research Group, C=US is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
[1/13/23 3:25:55:924 CST] 000002f3 SystemErr R at com.ibm.jsse2.util.f.a(f.java:107)
[1/13/23 3:25:55:924 CST] 000002f3 SystemErr R at com.ibm.jsse2.util.f.b(f.java:108)
[1/13/23 3:25:55:924 CST] 000002f3 SystemErr R at com.ibm.jsse2.util.e.a(e.java:4)
[1/13/23 3:25:55:924 CST] 000002f3 SystemErr R at com.ibm.jsse2.aB.a(aB.java:211)
[1/13/23 3:25:55:924 CST] 000002f3 SystemErr R at com.ibm.jsse2.aB.a(aB.java:96)
[1/13/23 3:25:55:924 CST] 000002f3 SystemErr R at com.ibm.jsse2.aB.checkServerTrusted(aB.java:183)
[1/13/23 3:25:55:924 CST] 000002f3 SystemErr R at com.ibm.jsse2.E.a(E.java:608)
[1/13/23 3:25:55:924 CST] 000002f3 SystemErr R ... 17 more
[1/13/23 3:25:55:924 CST] 000002f3 SystemErr R Caused by: java.security.cert.CertPathBuilderException: PKIXCertPathBuilderImpl could not build a valid CertPath.; internal cause is:
java.security.cert.CertPathValidatorException: The certificate issued by CN=ISRG Root X1, O=Internet Security Research Group, C=US is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
[1/13/23 3:25:55:924 CST] 000002f3 SystemErr R at com.ibm.security.cert.PKIXCertPathBuilderImpl.engineBuild(PKIXCertPathBuilderImpl.java:422)
[1/13/23 3:25:55:925 CST] 000002f3 SystemErr R at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:268)
[1/13/23 3:25:55:925 CST] 000002f3 SystemErr R at com.ibm.jsse2.util.f.a(f.java:74)
[1/13/23 3:25:55:925 CST] 000002f3 SystemErr R ... 23 more
[1/13/23 3:25:55:925 CST] 000002f3 SystemErr R Caused by: java.security.cert.CertPathValidatorException: The certificate issued by CN=ISRG Root X1, O=Internet Security Research Group, C=US is not trusted; internal cause is:
java.security.cert.CertPathValidatorException: Certificate chaining error
[1/13/23 3:25:55:925 CST] 000002f3 SystemErr R at com.ibm.security.cert.BasicChecker.<init>(BasicChecker.java:111)
[1/13/23 3:25:55:925 CST] 000002f3 SystemErr R at com.ibm.security.cert.PKIXCertPathValidatorImpl.engineValidate(PKIXCertPathValidatorImpl.java:199)
[1/13/23 3:25:55:925 CST] 000002f3 SystemErr R at com.ibm.security.cert.PKIXCertPathBuilderImpl.myValidator(PKIXCertPathBuilderImpl.java:749)
[1/13/23 3:25:55:925 CST] 000002f3 SystemErr R at com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(PKIXCertPathBuilderImpl.java:661)
[1/13/23 3:25:55:925 CST] 000002f3 SystemErr R at com.ibm.security.cert.PKIXCertPathBuilderImpl.buildCertPath(PKIXCertPathBuilderImpl.java:607)
[1/13/23 3:25:55:925 CST] 000002f3 SystemErr R at com.ibm.security.cert.PKIXCertPathBuilderImpl.engineBuild(PKIXCertPathBuilderImpl.java:368)
[1/13/23 3:25:55:925 CST] 000002f3 SystemErr R ... 25 more
[1/13/23 3:25:55:925 CST] 000002f3 SystemErr R Caused by: java.security.cert.CertPathValidatorException: Certificate chaining error
[1/13/23 3:25:55:926 CST] 000002f3 SystemErr R at com.ibm.security.cert.CertPathUtil.findIssuer(CertPathUtil.java:316)
[1/13/23 3:25:55:926 CST] 000002f3 SystemErr R at com.ibm.security.cert.BasicChecker.<init>(BasicChecker.java:108)
[1/13/23 3:25:55:926 CST] 000002f3 SystemErr R ... 30 more
UPDATE
As I am still struggling to find an answer, let me update with what I did. First of all, I could not find the certificate CN=ISRG Root X1, O=Internet Security Research Group, C=US which is mentioned in the exception. This certificate is nowhere in the WebSphere server. Also, there is no certificate configured in the Confluent platform. I also tried to add the WebSphere SSL library to set the WebSphere TrustStore in the Kafka producer config properties as below:
    com.ibm.websphere.ssl.JSSEHelper jsseHelper = com.ibm.websphere.ssl.JSSEHelper.getInstance();
    Properties sslProperties = jsseHelper.getProperties("default");
    props.put(org.apache.kafka.common.config.SslConfigs.SSL_TRUSTSTORE_LOCATION_CONFIG, sslProperties.getProperty("com.ibm.ssl.trustStore"));
    // An empty value turns off hostname verification of the broker certificate
    props.put("ssl.endpoint.identification.algorithm", "");
but this gives me the exception below:
Caused by: java.lang.ClassNotFoundException: com.ibm.websphere.security.WebSphereRuntimePermission
at org.eclipse.osgi.internal.loader.BundleLoader.findClassInternal(BundleLoader.java:506)
at org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:422)
at org.eclipse.osgi.internal.loader.BundleLoader.findClass(BundleLoader.java:410)
at org.eclipse.osgi.internal.baseadaptor.DefaultClassLoader.loadClass(DefaultClassLoader.java:107)
at java.lang.ClassLoader.loadClass(ClassLoader.java:809)
I am not sure if this was a solution, but it definitely was not helping :(
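
The innermost cause in the trace above is a PKIX failure: the JVM found no trust anchor for CN=ISRG Root X1 while validating the broker's certificate chain. The following is an added example, not part of the original post, that checks whether a given trust store contains a root certificate and, if not, writes a copy with it added. The file paths, the `TRUSTSTORE_PASSWORD` environment variable and the `kafka-broker-root` alias are assumptions, and the root PEM is assumed to have been obtained from the CA.

```java
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Properties;

public class KafkaTrustStoreCheck {
    // SHA-256 fingerprint, to compare by hand against the value the CA publishes.
    static String sha256(X509Certificate cert) throws Exception {
        StringBuilder hex = new StringBuilder();
        for (byte b : MessageDigest.getInstance("SHA-256").digest(cert.getEncoded()))
            hex.append(String.format("%02X", b));
        return hex.toString();
    }

    // Args (all assumed): <truststore> <type: JKS|PKCS12> <root CA PEM> <output truststore>
    public static void main(String[] args) throws Exception {
        String storePath = args[0], type = args[1], rootPem = args[2], outPath = args[3];
        char[] password = System.getenv("TRUSTSTORE_PASSWORD").toCharArray(); // hypothetical variable, must be set
        KeyStore trustStore = KeyStore.getInstance(type);
        try (InputStream in = Files.newInputStream(Paths.get(storePath))) {
            trustStore.load(in, password);
        }
        X509Certificate root;
        try (InputStream in = Files.newInputStream(Paths.get(rootPem))) {
            root = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        System.out.println(root.getSubjectX500Principal() + " SHA-256=" + sha256(root));
        // getCertificateAlias returns null when no entry in the store matches this certificate.
        String alias = trustStore.getCertificateAlias(root);
        if (alias == null) {
            trustStore.setCertificateEntry("kafka-broker-root", root); // alias is arbitrary
            try (OutputStream out = Files.newOutputStream(Paths.get(outPath))) {
                trustStore.store(out, password);
            }
        }
        System.out.println(alias == null ? "Root was missing; wrote " + outPath : "Trusted as " + alias);
        // Standard Kafka client keys that point the producer at an explicit trust store.
        Properties props = new Properties();
        props.put("ssl.truststore.location", alias == null ? outPath : storePath);
        props.put("ssl.truststore.type", type);
        props.put("ssl.truststore.password", new String(password));
        System.out.println("ssl.truststore.location=" + props.getProperty("ssl.truststore.location"));
    }
}
```

Compare the printed fingerprint with the value the CA publishes before trusting the new store. With the root trusted, `ssl.endpoint.identification.algorithm` can stay at its default so hostname verification remains on.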