If you have chosen to enable client ⇆ broker encryption on your Kafka cluster, you will need to enable SSL encryption when configuring your Kafka client. To enable SSL you will need a certificate to verify the identity of the cluster before you connect to it.
Download certificates from Instaclustr console
For convenience, Instaclustr provides certificate files you can use when configuring your client in three formats:
- Java Key Store (.jks) for use with Java clients
- X.509 certificate (.pem) for use with Python and Ruby clients
- X.509 certificate (.der) for use with .NET clients
You can download these certificates from the Instaclustr console by navigating to Clusters -> Kafka -> Connection Details and Downloading the Cluster CA X.509 Certificates zip. The archive contains .jks, .der, and .pem format certificates and a README file with instructions for use.
Using the certificates with a Kafka client
Instaclustr provides detailed examples on connecting to Kafka with SSL using:
The Apache Kafka project also maintains a list of clients across a wider set of languages with their own examples of how to connect to Kafka with SSL.