How To Use Certificates with Kafka Clients


If you have chosen to enable client ⇆ broker encryption on your Kafka cluster, you will need to enable SSL encryption when configuring your Kafka client. To enable SSL you will need a certificate to verify the identity of the cluster before you connect to it.

Download certificates from Instaclustr console

For convenience, Instaclustr provides certificate files you can use when configuring your client in three formats:

  • Java Key Store (.jks) for use with Java clients
  • X.509 certificate (.pem) for use with Python and Ruby clients
  • X.509 certificate (.der) for use with .NET clients

You can download these certificates from the Instaclustr console by navigating to Clusters -> Kafka -> Connection Details and Downloading the Cluster CA X.509 Certificates zip. The archive contains .jks, .der, and .pem format certificates and a README file with instructions for use.

Using the certificates with a Kafka client

Instaclustr provides detailed examples on connecting to Kafka with SSL using:

The Apache Kafka project also maintains a list of clients across a wider set of languages with their own examples of how to connect to Kafka with SSL.


Spin up a cluster in less
than 5 minutes.
(No credit card required)

Sign Up Now

Site by Swell Design Group