Trust-store, AKA $JAVA_HOME/lib/security/cacerts, is the system-wide location for all of your certificates.

When your CA-server starts up, unless otherwise specified, CA-Server will look up root cert(s) in truststore/cacerts. If you have not installed all your root-certs into cacerts, you should do so immediately:

https://www.ibm.com/support/knowledgecenter/en/SSYKE2_7.1.0/com.ibm.java.security.component.71.doc/security-component/keytoolDocs/cacertsfile.html

TLS or SSL are crypto protocols and reference certs regardless of crypto protocol implemented. Certs are not designed to be implemented only by TLS or SSL.

ciao

________________________________
From: Zhou, Thomas <thz...@paypal.com.INVALID>
Sent: Thursday, May 16, 2019 6:56 PM
To: users@kafka.apache.org
Subject: Question about Kafka TLS

Hi,

I have a question about TLS config on the Kafka client side. Based on the official document, if clients want to enable TLS, they must put ssl.truststore.location in the client config, where there is a JKS file to hold the trust store. My question is: is this config mandatory? Is there a possibility that we get truststore.jks from a service and store it in memory, so we don't have to maintain a file on the client side?

Thanks,
Thomas
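
The following is an added example, not part of either message and not Kafka's own code. It reads the JVM's default trust anchors (the cacerts fallback described in the reply) and then builds an SSLContext from trust store bytes held only in memory, which is what the question asks about. The class and method names, the sample password and the use of the default anchors as a stand-in for bytes fetched from a service are assumptions; passing the result to a Kafka client is not covered.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

public class InMemoryTrustStore {
    // Trust anchors the JVM uses when no trust store is specified
    // (normally $JAVA_HOME/lib/security/cacerts).
    static X509Certificate[] defaultAnchors() throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null); // null selects the JVM default trust store
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                return ((X509TrustManager) tm).getAcceptedIssuers();
            }
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    // Constructed sample: stands in for trust store bytes returned by a service.
    static byte[] sampleStoreBytes(char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(null, null); // start from an empty in-memory store
        int i = 0;
        for (X509Certificate c : defaultAnchors()) {
            ks.setCertificateEntry("anchor-" + i++, c);
        }
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        ks.store(out, password);
        return out.toByteArray();
    }

    // Builds a TLS context whose trust decisions come only from the given bytes.
    static SSLContext contextFromBytes(byte[] storeBytes, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        ks.load(new ByteArrayInputStream(storeBytes), password); // no file involved
        if (ks.size() == 0) throw new IllegalStateException("trust store has no entries");
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null); // no client key, default RNG
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "sample-password".toCharArray(); // constructed value
        SSLContext ctx = contextFromBytes(sampleStoreBytes(pw), pw);
        System.out.println("SSLContext protocol: " + ctx.getProtocol());
    }
}
```

Rejecting an empty store up front matters because a trust store with no anchors cannot validate any server certificate.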