How To Use Certificates with Kafka Clients

If you have chosen to enable client ⇆ broker encryption on your Kafka cluster, you will need to enable SSL encryption when configuring your Kafka client. To enable SSL you will need a certificate to verify the identity of the cluster before you connect to it.

Download certificates from Instaclustr console

For convenience, Instaclustr provides certificate files you can use when configuring your client in three formats:

  • Java Key Store (.jks) for use with Java clients
  • X.509 certificate (.pem) for use with Python and Ruby clients
  • X.509 certificate (.der) for use with .NET clients

You can download these certificates from the Instaclustr console by navigating to Clusters -> Kafka -> Connection Details and Downloading the Cluster CA X.509 Certificates zip. The archive contains .jks, .der, and .pem format certificates and a README file with instructions for use.

Using the certificates with a Kafka client

Instaclustr provides detailed examples on connecting to Kafka with SSL using:

The Apache Kafka project also maintains a list of clients across a wider set of languages with their own examples of how to connect to Kafka with SSL.

Need Support
Learn More

Already have an account?
Login to the Console

Experiencing difficulties on the website or console?
Status page for known incidents

Don’t have an account yet?
Sign up for a free trial

Why sign up?
To experience the ease of creating and managing clusters via the Instaclustr Console.