How to set up certificates for Kafka when using strimzi operator ?

Solution Verified - Updated -


  • We installed Kafka using the strimzi operator in our Openshift platform during install of Kafka Cluster we opt to user our on certificates (actually the Openshift CA certs). No issues here.

  • Now we want to expose Kafka externally (, however we want to do that by setting up a different certificate.

  • For external application connecting to the Openshift we use TLS Termination as re-encrypt. We would like to do the same for Kafka i.e have the ability to set up TLS Termination as re-encrypt instead of Passthrough (the initial set up we tried was configure the OpenShift Routes as per

  • However looking into the schema for Kafka Listeners for the other options I also cannot see how to set up the TLS termination (or different certificates)

  • Is this possible? if not is this in the Operator Roadmap? or any idea in how this could be implemented


  • Red Hat AMQ Streams
    • 1.2.0

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In