Hi Kafka Experts,
Even I am looking for a comprehensive document on TLS and mTLS with all types
of certs.
My organisation gives me signed certs in p12 format with a root cert and
.key and .cer file.
With my limited knowledge of SSL security, when I look at the Apache Kafka SSL
document I am clueless about where to configure what.
I would appreciate it if someone could share documents with a little
elaboration in the above sense for both TLS and mTLS.
This is how my org's signed certs look.
For every Kafka broker and controller node:
hostname.p12
hostname.cer
hostname.key
myOrgRoot.crt
myOrgRoot-Ent.crt
Regards,
Sunil.
On Fri, 6 Mar 2026 at 4:38 AM, Renko Alexander P via users <
users@kafka.apache.org> wrote:
> Good Day,
> Errors trying to start KAFKA 4.1 server with SSL using PEM files. Was
> successful starting it without SSL. Under LINUX with Java 17.
>
> After reading several older posts about PEM files and Kafka nothing is
> still working. I'm either getting
>
> 1. Failed to load PEM SSL keystore (when putting keys and certs in
> files)
> Or
>
> 1. No matching PRIVATE KEY entries in PEM file (putting key and cert
> contents in the server.properties file)
>
> I've tried using encrypted (password) and unencrypted (no password)
> Private Keys - no difference.
>
> My keys/certs/ and CA certs all match up (openssl commands performed to
> verify)
>
> I have a private key, a server certificate (1 cert) and a CA cert (6
> certs). There are no clear instructions on whether intermediate or all
> signing certs should be
> part of ssl.keystore.certificate.chain=
>
> Or, it is unclear how ssl.keystore.location= should be constructed if
> using files.
>
> There are just no good recent examples to be found anywhere, and APACHE
> KAFKA documentation does not discuss this.
>
> Can the Kafka team provide a proven example of PEM key, cert, and CA cert
> (with multiple certs in it) and how to configure this please.
>
> Thank You,
> --Alex R
>
>
>
>
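An added example, not part of this thread and not Kafka's own code: a pre-flight check of a PEM file before pointing ssl.keystore.location at it with ssl.keystore.type=PEM. It assumes the keystore file holds one private key plus the server certificate chain, and relies on the Kafka configuration reference's statement that the default SSL engine factory supports only PEM with PKCS#8 keys; the function names and sample blocks are constructed for illustration.

```python
import base64
import re

# One PEM block: label in group 1, body (optional headers + base64) in group 2.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.S)
# Kafka's configuration reference: the default SSL engine factory supports
# only PEM with PKCS#8 keys. These are the two PKCS#8 block labels.
PKCS8_LABELS = {"PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}


def check_pem_keystore(text):
    """Findings for a PEM keystore (assumed: one key + cert chain); [] means OK."""
    findings, keys, certs = [], [], 0
    for label, body in PEM_BLOCK.findall(text):
        # Traditional OpenSSL keys may carry "Proc-Type:"/"DEK-Info:" header lines.
        b64 = "".join(l.strip() for l in body.splitlines() if ":" not in l)
        try:
            base64.b64decode(b64, validate=True)
        except ValueError:
            findings.append(f"{label}: body is not valid base64")
        if label.endswith("PRIVATE KEY"):
            keys.append(label)
        elif label == "CERTIFICATE":
            certs += 1
        else:
            findings.append(f"unexpected block: {label}")
    if len(keys) != 1:
        findings.append(f"expected exactly 1 private key, found {len(keys)}")
    findings += [f"{k} is not PKCS#8 (convert with: openssl pkcs8 -topk8)"
                 for k in keys if k not in PKCS8_LABELS]
    if certs == 0:
        findings.append("no CERTIFICATE block: certificate chain is missing")
    return findings


def sample_block(label, payload=b"constructed sample bytes, not real key material"):
    body = base64.b64encode(payload).decode()
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"


GOOD = sample_block("PRIVATE KEY") + sample_block("CERTIFICATE") * 2  # key + chain
LEGACY = sample_block("RSA PRIVATE KEY") + sample_block("CERTIFICATE")  # traditional key
CA_ONLY = sample_block("CERTIFICATE") * 6                              # CA bundle, no key

if __name__ == "__main__":
    for name, pem in (("good", GOOD), ("legacy", LEGACY), ("ca-only", CA_ONLY)):
        print(name, check_pem_keystore(pem) or "OK")
```

The check looks only at block labels and base64 validity; it does not verify that the key matches the certificate or that the chain is in order.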