SSL Only Authentication on Confluent Cloud

Wanted to know for Confluent Cloud deployed as Fully managed cluster, Can our clients connect with SSL Authentication only with generated certificates on broker side ?

If yes, Does confluent cloud instance have the capability to generate certs and use that at our client configuration side ?

Our clients are configured to use only SSL based authentication and has no option to do a SASL_SSL based authentication with API Key .

Is SSL based authentication possible by generating certificates at Kafka server (Confluent Cloud) end and configure them at the Kafka clients.

I couldnt get any documentation for Confluent cloud based which does any of these with detailed steps mostly its for self deployed cluster with access to unix command line.

Confluent Cloud doesn’t support TLS authentication. The supported options are API key and secret (SASL/PLAIN) or OAuth 2.0 (SASL/OAUTHBEARER).