Can PEM files be used for Kafka security?

Question

The documentation at http://kafka.apache.org/documentation/#security describes the process of enabling security in Kafka.

It describes the certificates to be in JKS format. Is it possible to use PEM formatted certificates with Kafka?

-Yash

Just import PEM certificates into .jks store using `keytool`? — Alex Ott, Jan 14 '18 at 10:40

score 3 · Answer 1 · answered Nov 11 '20 at 19:45

3

You'll be able to use PEM in Kafka after 2.7.0 is released. Details here. Currently you can also use PKCS12.

answered Nov 11 '20 at 19:45

Hex

242
6
21

Mickael Maison · Answer 2 · 2022-10-27T08:46:34.920

Update, since Kafka 2.7 PEM keys and certificates are supported.

You need to set ssl.keystore.type/ssl.certificate.type to PEM and then use ssl.keystore.key, ssl.keystore.certificate.chain and ssl.truststore.certificates to provide your keys and certificates.

Original answer

No you cannot directly use PEM certificates with Kafka.

This is not a Kafka restriction, it's just that all of the "mainstream" JVMs (HotSpot, OpenJDK, J9) use JKS.

See Import .key and .pem file to jks file and use in Java/Spring for the required steps to import a PEM file into a JKS store.

Can PEM files be used for Kafka security?

2 Answers2