You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@kafka.apache.org by Atulya Bhimarasetty <at...@gmail.com> on 2017/03/10 17:01:59 UTC

Kafka Support For .P12 or .PFX Certificates

Hello,
We use Kafka in our enterprise and there is a push to secure the existing
clusters via SSL. The documentation mentions generating a certificate and
signing it. But our security team has already given us the certificates.
Does Kafka support P12 or PFX certificates ?

Thank you,
Atulya

Re: Kafka Support For .P12 or .PFX Certificates

Posted by Harsh J <ha...@cloudera.com>.

A p12/pfx (PKCS-12) is a file format that carries certificates (keys).
Kafka accepts a jks (Java Key Store) format instead. You can port your
p12/pfx file-stored certificates into a jks file format using the
$JAVA_HOME/bin/keytool command, for use with Kafka and other Java
applications that work with a jks format. You do not need to ask your
security teams to do this, as you can do it yourself once you have any form
of issued certificate in some format.

A web search should get you a few guides on how you can use the keytool
utility to achieve this with your existing p12/pfx files:
https://www.google.com/search?q=p12+to+jks

On Sat, 11 Mar 2017 at 00:12 Atulya Bhimarasetty <at...@gmail.com> wrote:

> Hello,
> We use Kafka in our enterprise and there is a push to secure the existing
> clusters via SSL. The documentation mentions generating a certificate and
> signing it. But our security team has already given us the certificates.
> Does Kafka support P12 or PFX certificates ?
>
> Thank you,
> Atulya
>