SSL encrypted connection

When the cluster has client encryption enabled, configure the SSL keys and certificates for the DataStax Apache Pulsar™ Connector.

SSL encryption settings are configured in the Client-to-node encryption options. See Configuring SSL.
You cannot use this option if specifying the cloud.secureConnectBundle option for connecting to a DataStax Astra database. If you are using the cloud.secureConnectBundle, ALL subproperties under ssl: must be empty.

Parameters

ssl:
  provider: None
  cipherSuites:
  hostnameValidation: true
  keystore:
    password:
    path:
  truststore:
    password:
    path:
  openssl:
    keyCertChain:
    privateKey:
provider

SSL provider to use, if any. Valid choices:

  • None

  • JDK

  • OpenSSL

    Defaults to None

hostnameValidation

Whether to validate node hostnames when using SSL.

Defaults to true

cipherSuites

The cipher suites to enable.

Defaults to none, resulting in a "minimal quality of service" according to JDK documentation.

keystore: password

Keystore password.

keystore: path

Path to the keystore file.

openssl: keyCertChain

Path to the SSL certificate file, when using OpenSSL.

openssl: privateKey

Path to the private key file, when using OpenSSL.

truststore: password

Truststore password.

truststore: path

Path to the truststore file.

Using a base64 encoded file

For keystore.path, truststore.path, openssl.privateKey, and openssl.keyCertChain you can encode the target file using the standard base64 tool, include it directly in the Pulsar configuration file, and the Pulsar function framework will take care of deploying it to additional Pulsar machines:

base64 -i trust-store-key

Add the output of the command to truststore: path::

truststore:
  path: base64:UEsDBBQACAAIADmJJ1IAAAAAAAAAAAAAAAAGAAkAY2EuY3J0VVQFAAFeQPdfZJTJjvI4HMTveYq5t0bZoTl8Bzt2giEOOGQh3Mi+sgVw4qcf0a25zPj2L0s/VUml+vvzIHaI95eF/YDYxAIB/lElSgi2kGWBt1UBTiCoiAUvIUcs2WyvJ1K/Mw8w7EIGeHVmkyXABlZeBEESgD4KJMpGbrEERYwRzDeIBTikkDhADTGcqBtq9it3cMW0qc4GPOEA7H8B18DCfi3ljh3kjm1QZnAEfkAu5hFKnZV6QvaeYuUHBibPSTT8OsWblmqbJgm6pzfQWaKNo......

Was this helpful?

Edit this page

Give Feedback

How can we improve the documentation?

© 2025 DataStax | Privacy policy | Terms of use | Manage Privacy Choices

Apache, Apache Cassandra, Cassandra, Apache Tomcat, Tomcat, Apache Lucene, Apache Solr, Apache Hadoop, Hadoop, Apache Pulsar, Pulsar, Apache Spark, Spark, Apache TinkerPop, TinkerPop, Apache Kafka and Kafka are either registered trademarks or trademarks of the Apache Software Foundation or its subsidiaries in Canada, the United States and/or other countries. Kubernetes is the registered trademark of the Linux Foundation.

General Inquiries: +1 (650) 389-6000, info@datastax.com