Hi Kafka Experts, Even I am looking for comprehensive document on TLS and MTLs with all tyeps of certs. my organisation gives me signed certs in p12 format with a root cert and .key and .cer file. With my limited knowledge of ssl security, when I look at apache kafka ssl document I clueless about where to configure what? Appreciate if someone share documents with little elaboration in above sense for both TLS and mTLS
this is how my org signed certs look like. For every Kafka Broker and controller node. hostname.p12 hostname.cer hostname.key myOrgRoot.crt myOrgRoot-Ent.crt Regards, Sunil. On Fri, 6 Mar 2026 at 4:38 AM, Renko Alexander P via users < [email protected]> wrote: > Good Day, > Errors trying to start KAFKA 4.1 server with SSL using PEM files. Was > successful starting it without SSL. Under LINUX with Java 17. > > After reading several older posts about PEM files and Kafka nothing is > still working. I'm either getting > > 1. Failed to load PEM SSL keystore (when putting keys and certs in > files) > Or > > 1. No matching PRIVATE KEY entries in PEM file (putting key and cert > contents in the server.properties file) > > I've tried using encrypted (password) and unencrypted (no password) > Private Keys - no difference. > > My keys/certs/ and CA certs all match up (openssl commands performed to > verify) > > I have a private key, a server certificate (1 cert) and a CA cert (6 > certs). There are no clear instructions on whether intermediate or all > signing certs should be > part of ssl.keystore.certificate.chain= > > Or, it is unclear how ssl.keystore.location= should be constructed if > using files. > > There are just no good recent examples to be found anywhere, and APACHE > KAFKA documentation does not discuss this. > > Can the Kafka team provide a proven example of PEM key, cert, and CA cert > (with multiple certs in it) and how to configure this please. > > Thank You, > --Alex R > > > >
