Skip to content
You are reading Codefi Orchestrate development version documentation and some displayed features may not be available in the stable release. You can switch to stable version using the version box at screen bottom.

Configure TLS

Orchestrate supports the Transport Layer Security (TLS) protocol to enable secure communications between Orchestrate workers and Apache Kafka.

TLS must be enabled on each of the workers. Each worker has the same TLS options.

Command line option Value
kafka-tls-ca-cert-file CA certificate file path
kafka-tls-client-cert-file Client certificate file path
kafka-tls-client-key-file Client key file path
kafka-tls-enabled Enables TLS when connecting to Apache Kafka. Default is false
kafka-tls-insecure-skip-verify Specifies whether a client verifies the server’s certificate chain and host name. If true, TLS accepts any certificate presented by the server with any host name. In this mode, TLS is susceptible to man-in-the-middle attacks. Use only for testing. Default is false

Options can be specified using the equivalent environment variables. The equivalent environment variable is all caps and separated by _. For example, KAFKA_TLS_CA_CERT_FILE is the environment variable for the kafka-tls-ca-cert-file option. If the command line option and the environment variable are specified, the option takes precedence.

ConsenSys has acquired Quorum from J.P. Morgan. Please read the FAQ.
Questions or feedback? You can obtain paid professional support by Consensys at