Configure TLS
PegaSys Orchestrate supports the Transport Layer Security (TLS) protocol to enable secure communications between Orchestrate workers and Apache Kafka.
TLS must be enabled on each of the workers. Each worker has the same TLS options.
| Command line option | Value |
|---|---|
| `kafka-tls-ca-cert-file` | CA certificate file path |
| `kafka-tls-client-cert-file` | Client certificate file path |
| `kafka-tls-client-key-file` | Client key file path |
| `kafka-tls-enabled` | Enables TLS when connecting to Apache Kafka. Default is `false` |
| `kafka-tls-insecure-skip-verify` | Specifies whether a client verifies the server’s certificate chain and host name. If `true`, TLS accepts any certificate presented by the server with any host name. In this mode, TLS is susceptible to man-in-the-middle attacks. Use only for testing. Default is `false` |
Options can be specified using the equivalent environment variables. The equivalent environment variable is the option name in all caps, with words separated by `_`. For example, `KAFKA_TLS_CA_CERT_FILE` is the environment variable for the `kafka-tls-ca-cert-file` option. If both the command line option and the environment variable are specified, the option takes precedence.
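A preflight check for the options above, run in a worker's environment before it starts. This is an added example, not part of Orchestrate: the function names are hypothetical, and every variable name other than `KAFKA_TLS_CA_CERT_FILE` is derived from the naming rule stated above.

```shell
#!/bin/sh
# Added example: preflight check of a worker's Kafka TLS environment.
# Assumption: boolean values are written as the literals true/false, as on this page.
# A command line option, if also given, takes precedence over what is checked here.

# kafka-tls-ca-cert-file -> KAFKA_TLS_CA_CERT_FILE
opt_to_env() {
    printf '%s' "$1" | tr '[:lower:]' '[:upper:]' | tr '-' '_'
}

# Print the environment value for an option (empty when unset).
env_value() {
    name=$(opt_to_env "$1")
    eval "printf '%s' \"\${$name:-}\""
}

check_kafka_tls() {
    rc=0
    if [ "$(env_value kafka-tls-enabled)" != "true" ]; then
        echo "FAIL: kafka-tls-enabled is not true (default is false)"; rc=1
    fi
    skip=$(env_value kafka-tls-insecure-skip-verify)
    if [ -n "$skip" ] && [ "$skip" != "false" ]; then
        echo "FAIL: kafka-tls-insecure-skip-verify=$skip (testing only)"; rc=1
    fi
    # Any path that is set must point at a readable file.
    for opt in kafka-tls-ca-cert-file kafka-tls-client-cert-file kafka-tls-client-key-file; do
        path=$(env_value "$opt")
        if [ -n "$path" ] && [ ! -r "$path" ]; then
            echo "FAIL: $opt file is not readable: $path"; rc=1
        fi
    done
    cert=$(env_value kafka-tls-client-cert-file)
    key=$(env_value kafka-tls-client-key-file)
    # Assumption: a client certificate is only usable together with its key.
    if { [ -n "$cert" ] && [ -z "$key" ]; } || { [ -z "$cert" ] && [ -n "$key" ]; }; then
        echo "FAIL: client cert and key must be set together"; rc=1
    fi
    # A private key readable by every local user is flagged.
    if [ -n "$key" ] && [ -n "$(find "$key" -prune -perm -004 2>/dev/null)" ]; then
        echo "FAIL: client key file is world-readable: $key"; rc=1
    fi
    return "$rc"
}
```

Source the file and call `check_kafka_tls` in each worker's startup wrapper; a non-zero return means at least one setting was flagged.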