Skip to content

Commit 4fbdd42

Browse files
edenhilledenhill
committed
Add SSL instructions to README
1 parent f4c8c47 commit 4fbdd42

File tree

1 file changed

+20
-0
lines changed

1 file changed

+20
-0
lines changed

README.md

Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -229,6 +229,26 @@ More info here:
229229
https://github.com/edenhill/librdkafka/wiki/Broker-version-compatibility
230230

231231

232+
SSL certificates
233+
================
234+
If you're connecting to a Kafka cluster through SSL you will need to configure
235+
the client with `'security.protocol': 'SSL'` (or `'SASL_SSL'` if SASL
236+
authentication is used).
237+
238+
The client will use CA certificates to verify the broker's certificate.
239+
The embedded OpenSSL library will look for CA certificates in `/usr/lib/ssl/certs/`
240+
or `/usr/lib/ssl/cacert.pem`. CA certificates are typically provided by the
241+
Linux distribution's `ca-certificates` package which needs to be installed
242+
through `apt`, `yum`, et.al.
243+
244+
If your system stores CA certificates in another location you will need to
245+
configure the client with `'ssl.ca.location': '/path/to/cacert.pem'`.
246+
247+
Alternatively, the CA certificates can be provided by the [certifi](https://pypi.org/project/certifi/)
248+
Python package. To use certifi, add an `import certifi` line and configure the
249+
client's CA location with `'ssl.ca.location': certifi.where()`.
250+
251+
232252
Prerequisites
233253
=============
234254

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy