.. _controlcenter_security_ssl:

Configuring SSL 
---------------

.. important::
  Having a working understanding of the following topics will help in setting up a secured |c3-short| successfully.
    - A |ak-tm| broker setup using :ref:`the existing SSL documentation<kafka_ssl_authentication>`.
    - Familiarity with :ref:`Authorization Settings <controlcenter_configuration_encryption>`
    - Locations of the properties files for |ak| brokers, Connect producers and consumers, and the |c3-short|

Simply having a secured |ak| broker does not guarantee that the |c3-short| is secured and working. Each component communicating with a secured |c3-short|
requires a specific config to be set by prefix. The prefixes ``confluent.controlcenter.streams.``, ``confluent.metrics.reporter.``, ``producer.``, ``consumer.``, and ``confluent.monitoring.interceptor.`` 
could conceivably be configured (in different files of the |c3-short| stack) to secure the |c3-short| end to end. Not all configuration settings may be required.

The |c3-short| supports SSL one and two way authentication and can be enabled for different communications. Some possible configurations are:

- secured Client interceptors (Connect/Confluent/regular client) -> secured |c3-short| Broker
- secured |ak| Broker -> secured |c3-short| Broker
- secured Metrics Reporter + (un)secured |ak| Broker -> secured |c3-short| Broker

.. _controlcenter_ssl_broker:
.. include:: includes/ssl_broker.rst

.. _control_center_ssl_c3:
.. include:: includes/ssl_c3.rst

.. _controlcenter_ssl_connect:
.. include:: includes/ssl_connect.rst