Documentation

Using Certificates with Apache Kafka Clients

If you have chosen to enable client ⇆ broker encryption on your Kafka cluster, you will need to enable SSL encryption when configuring your Kafka client. To enable SSL you will need a certificate to verify the identity of the cluster before you connect to it.

Download certificates from Instaclustr console

For convenience, Instaclustr provides certificate files you can use when configuring your client in three formats:

  • Java Key Store (.jks) for use with Java clients
  • X.509 certificate (.pem) for use with Python and Ruby clients
  • X.509 certificate (.der) for use with .NET clients

You can download these certificates from the Instaclustr console by navigating to Clusters -> Kafka -> Connection Details and Downloading the Cluster CA X.509 Certificates zip. The archive contains .jks, .der, and .pem format certificates and a README file with instructions for use.

Using the certificates with a Kafka client

Instaclustr provides detailed examples on connecting to Kafka with SSL using:

The Apache Kafka project also maintains a list of clients across a wider set of languages with their own examples of how to connect to Kafka with SSL.

By Instaclustr Support
Previous Article Connect to Apache Kafka and Kafka Connect Using VPC Peering (AWS) Next Article Managing Apache Kafka Topics
Need Support?
Learn More
Experiencing difficulties on the website or console?
Status page for known incidents
Already have an account?
Log In to the Console
Need help with your cluster?
Contact Support
Why sign up?
To experience the ease of creating and managing clusters via the Instaclustr Console
Spin up a cluster in minutes
Free Trial