How to set up certificates for Kafka when using strimzi operator ?

Solution Verified - Updated -


  • We installed Kafka using the strimzi operator in our Openshift platform during install of Kafka Cluster we opt to user our on certificates (actually the Openshift CA certs). No issues here.

  • Now we want to expose Kafka externally (, however we want to do that by setting up a different certificate.

  • For external application connecting to the Openshift we use TLS Termination as re-encrypt. We would like to do the same for Kafka i.e have the ability to set up TLS Termination as re-encrypt instead of Passthrough (the initial set up we tried was configure the OpenShift Routes as per

  • However looking into the schema for Kafka Listeners for the other options I also cannot see how to set up the TLS termination (or different certificates)

  • Is this possible? if not is this in the Operator Roadmap? or any idea in how this could be implemented


  • Red Hat AMQ Streams
    • 1.2.0

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content