Hi ,
I would like to know how we can replace expired SSL certificates with newly generated SSL certificates for Confluent Kafka Production Cluster without any cluster downtime ?
It must also be ensured that producers and consumers do not break due to new SSL certificates .
Regards
Ravi Bhati
To dynamically update expired SSL/TLS certificates on an existing broker trust store, you can use the kafka-configs
command inlcuded in this section:
Updating SSL Trust Store of an Existing Listener
Based on the docs, “expired certificates are updated on brokers without a rolling restart).”
Steve
1 Like