dtanner/kafka-cert-options.md

## kafka-cert-options.md

      
    Raw
  

              kafka-cert-options.md
            
          
    Does this remind anyone else of the Emo Philips Northern Conservative Baptist Great Lakes Region Council of 1912 joke?


Format
Base64 Encoded
Java Client Compatible
Kcat Compatible
Benthos Compatible
YAML Config Compatible


JKS File
❌
✅
❌
❌
✅


PKCS12 File
❌
✅
❌
❌
✅


PKCS8 PEM String
✅
✅
✅
❌
❌


PKCS8 PEM Unencrypted File
✅
❌
✅
✅
✅


PKCS1 Encrypted PEM File
✅
❌
✅
✅
✅


PKCS8 Encrypted PEM File (MD5 DES-CBC)
✅
✅
✅
❌
✅


PKCS8 Encrypted PEM File (any secure modern algo)
✅
✅
✅
✅
✅


Sample Java Kafka client properties using a PKCS #8 password-protected key

PEM

"security.protocol" = "SSL"
"ssl.keystore.type" = "PEM"
"ssl.keystore.location" = "/my-kafka-cert.pem"
"ssl.endpoint.identification.algorithm" = ""
"ssl.key.password" = "$THE_PASSWORD"
Sample kcat config file using a PKCS #8 password-protected key

security.protocol=ssl
ssl.certificate.location=/my-kafka-cert.com.pem
ssl.ca.location=/my-kafka-cert.pem
ssl.key.location=/rmy-kafka-cert.pem
ssl.key.password=$THE_PASSWORD
kcat -P -b thebroker:9093 -t thetopic -F /reference-dev.kcat.conf -T -K::: -l /tmp/messages
where /tmp/messages is:
foo-bar:::{"a": true}
Format	Base64 Encoded	Java Client Compatible	Kcat Compatible	Benthos Compatible	YAML Config Compatible
JKS File	❌	✅	❌	❌	✅
PKCS12 File	❌	✅	❌	❌	✅
PKCS8 PEM String	✅	✅	✅	❌	❌
PKCS8 PEM Unencrypted File	✅	❌	✅	✅	✅
PKCS1 Encrypted PEM File	✅	❌	✅	✅	✅
PKCS8 Encrypted PEM File (MD5 DES-CBC)	✅	✅	✅	❌	✅
PKCS8 Encrypted PEM File (any secure modern algo)	✅	✅	✅	✅	✅