.. _controlcenter_security_ssl:

Configuring SSL
---------------

.. important::
   An understanding of the following topics will help in successfully 
   securing |c3-short|:

   - An |ak-tm| broker set up using 
     :ref:`the existing SSL documentation<kafka_ssl_authentication>`.
   - Familiarity with :ref:`Authorization Settings <controlcenter_configuration_encryption>`.
   - Locations of the properties files for |ak| brokers, Connect producers and 
     consumers, and |c3-short|.

Simply having a secured |ak| broker does not guarantee that |c3-short| is 
secured and working properly. Each component that communicates with a secured 
|c3-short| instance requires a specific configuration to be set by its prefix. 
Prefixes such as ``confluent.controlcenter.streams.``, 
``confluent.metrics.reporter.``, ``producer.``, ``consumer.``, and 
``confluent.monitoring.interceptor.`` could conceivably be configured in 
different files of the |cp| stack to secure |c3-short| end-to-end. Not all 
configuration settings may be required; consult the configuration references for 
each component you are configuring.

|c3-short| supports SSL one- and two-way authentication and can be enabled for 
different communications. Some possible configurations are:

- secured Client interceptors (Connect/Confluent/regular client) -> secured 
  |c3-short| Broker
- secured |ak| Broker -> secured |c3-short| Broker
- secured Metrics Reporter + secured |ak| Broker -> secured |c3-short| Broker

.. _controlcenter_ssl_broker:
.. include:: includes/ssl_broker.rst

.. _control_center_ssl_c3:
.. include:: includes/ssl_c3.rst

.. _controlcenter_ssl_connect:
.. include:: includes/ssl_connect.rst