Configure TLS

PegaSys Orchestrate supports the Transport Layer Security (TLS) protocol to enable secure communications between Orchestrate workers and Apache Kafka.

TLS must be enabled on each of the workers. Each worker has the same TLS options.

| Command line option | Value |
|---|---|
| kafka-tls-ca-cert-file | CA certificate file path |
| kafka-tls-client-cert-file | Client certificate file path |
| kafka-tls-client-key-file | Client key file path |
| kafka-tls-enabled | Enables TLS when connecting to Apache Kafka. Default is false. |
| kafka-tls-insecure-skip-verify | Specifies whether a client verifies the server’s certificate chain and host name. If true, TLS accepts any certificate presented by the server with any host name. In this mode, TLS is susceptible to man-in-the-middle attacks. Use only for testing. Default is false. |

Options can also be specified using the equivalent environment variables. The environment variable name is the option name in uppercase, with the words separated by underscores (_). For example, KAFKA_TLS_CA_CERT_FILE is the environment variable for the kafka-tls-ca-cert-file option. If both the command line option and the environment variable are specified, the command line option takes precedence.
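
A pre-flight check over the environment variables described above, as an added example that is not part of Orchestrate: it derives each variable name from its option name and reports settings that leave the Kafka connection unprotected. The function names and the individual checks (certificate and key set together, key file permissions) are assumptions of this example, and it inspects environment variables only, so a command line option that overrides one of them is not seen.

```shell
#!/bin/sh
# Added example, not Orchestrate code. Option names come from the page;
# the individual checks are assumptions about a sensible deployment.

# kafka-tls-ca-cert-file -> KAFKA_TLS_CA_CERT_FILE
opt_to_env() { printf '%s' "$1" | tr 'a-z-' 'A-Z_'; }

# Value of the environment variable behind an option ("" when unset).
opt_value() { eval "printf '%s' \"\${$(opt_to_env "$1"):-}\""; }

fail() { echo "FAIL: $1"; problems=$((problems + 1)); }

check_kafka_tls() {
    problems=0
    [ "$(opt_value kafka-tls-enabled)" = "true" ] ||
        fail "KAFKA_TLS_ENABLED is not true; with the default (false) TLS is not used"
    [ "$(opt_value kafka-tls-insecure-skip-verify)" != "true" ] ||
        fail "KAFKA_TLS_INSECURE_SKIP_VERIFY is true; server certificate and host name are not verified"

    cert=$(opt_value kafka-tls-client-cert-file)
    key=$(opt_value kafka-tls-client-key-file)
    # Assumption: a client certificate is only usable together with its key.
    [ "${cert:+set}" = "${key:+set}" ] ||
        fail "client certificate and client key must be set together"

    # Every path that is set must point at something the worker can read.
    for opt in kafka-tls-ca-cert-file kafka-tls-client-cert-file kafka-tls-client-key-file; do
        path=$(opt_value "$opt")
        [ -z "$path" ] || [ -r "$path" ] || fail "$(opt_to_env "$opt")=$path is not readable"
    done

    # Assumption: the private key should not be readable by group or others.
    # find -L follows symlinks, so mounted secrets are judged by their target.
    if [ -f "$key" ] && [ -n "$(find -L "$key" -prune \( -perm -040 -o -perm -004 \))" ]; then
        fail "client key $key is readable by group or others"
    fi
    [ "$problems" -eq 0 ]
}

# Constructed demo values: TLS on, but verification disabled as in a test setup.
( KAFKA_TLS_ENABLED=true; KAFKA_TLS_INSECURE_SKIP_VERIFY=true; check_kafka_tls ) || true
```

Calling check_kafka_tls in a worker's start script and stopping on a non-zero status keeps a testing value of kafka-tls-insecure-skip-verify from reaching a production worker unnoticed.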