The trust store, AKA $JAVA_HOME/lib/security/cacerts, is the system-wide location for 
all of your certificates.

When your CA-server starts up, unless otherwise specified, CA-Server will look up 
root cert(s) in truststore/cacerts.

If you have not installed all your root-certs into cacerts, you should do so 
immediately.

https://www.ibm.com/support/knowledgecenter/en/SSYKE2_7.1.0/com.ibm.java.security.component.71.doc/security-component/keytoolDocs/cacertsfile.html
The cacerts Certificates File - IBM
A certificates file named cacerts resides in the security properties directory, 
java.home\lib\security, where java.home is the runtime environment directory 
(the jre directory in the SDK or the top-level directory of the Java™ 2 Runtime 
Environment).


TLS or SSL are crypto protocols and reference certs regardless of the crypto 
protocol implemented.

Certs are not designed to be implemented only by TLS or SSL.

ciao

________________________________
From: Zhou, Thomas <thz...@paypal.com.INVALID>
Sent: Thursday, May 16, 2019 6:56 PM
To: users@kafka.apache.org
Subject: Question about Kafka TLS

Hi,

I have a question about the TLS config on the Kafka client side. Based on the 
official document, if clients want to enable TLS, they must put 
ssl.truststore.location in the client config, where there is a JKS file to 
hold the trust store. My question is: is this config mandatory? Is there a 
possibility that we get truststore.jks from a service and store it in memory so we 
don’t have to maintain a file on the client side?

Thanks,
Thomas
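
An added example, not part of either message in this thread: a trust store built entirely in memory from PEM bytes, as the question describes, plus the client properties that pass the same PEM text to Kafka. It assumes a Kafka client of version 2.7 or later (the PEM settings from KIP-651) and a JDK whose cacerts holds at least one root; the class name InMemoryTrustStore and the helper samplePem, which stands in for the remote service, are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import java.util.Properties;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class InMemoryTrustStore {

    // Build a trust store from PEM bytes without writing anything to disk.
    static KeyStore fromPem(byte[] pem) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // null stream = empty store held only in memory
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        int i = 0;
        for (Certificate c : cf.generateCertificates(new ByteArrayInputStream(pem))) {
            ks.setCertificateEntry("ca-" + i++, c);
        }
        if (i == 0) throw new IllegalArgumentException("no certificates in PEM input");
        return ks;
    }

    // Constructed sample input: PEM-encode one root taken from the JDK default trust store (cacerts).
    static String samplePem() throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null = use the JDK default trust store
        X509Certificate root = ((X509TrustManager) tmf.getTrustManagers()[0]).getAcceptedIssuers()[0];
        String b64 = Base64.getMimeEncoder(64, "\n".getBytes(StandardCharsets.US_ASCII))
                .encodeToString(root.getEncoded());
        return "-----BEGIN CERTIFICATE-----\n" + b64 + "\n-----END CERTIFICATE-----\n";
    }

    public static void main(String[] args) throws Exception {
        String pem = samplePem();
        KeyStore ks = fromPem(pem.getBytes(StandardCharsets.US_ASCII));
        System.out.println("in-memory trust anchors: " + ks.size());

        // Assumption: Kafka client 2.7+; the PEM text replaces ssl.truststore.location.
        Properties props = new Properties();
        props.put("security.protocol", "SSL");
        props.put("ssl.truststore.type", "PEM");
        props.put("ssl.truststore.certificates", pem);
        System.out.println("client config keys: " + props.stringPropertyNames());
    }
}
```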
