Configure TLS/SSL authentication for Kafka clients
Kafka supports TLS/SSL authentication (two-way authentication). Client configuration is done by setting the relevant security-related properties for the client.
The following steps demonstrate configuration for the console consumer or producer. If you are configuring a custom developed client, see Java client security examples or .Net client security examples for code examples.
- Generate or acquire a key and truststore for your clients which contain all necessary keys and certificates.
- Note down the locations and passwords for the key and truststores. You will need to provide these during configuration.
- If the Certificate Authority of the client certificates is different from the
Certificate Authority of the broker certificates, ensure the client Certificate
Authority certificate is added to the truststore of the Kafka brokers.
Otherwise, the broker will not trust the certificates used by its clients and a trusted connection will not be established.