Aiven utilises TLS (SSL) to secure the traffic between its services and client applications. This means that clients must be configured with the right tools to be able to communicate with Aiven services.

Keystores and truststores are password-protected files that should be easily accessible to the client that interacts with the service. To create these files:

  1. Log in to the Aiven web console and select your service.

  2. On the Overview page:

    1. Click Download next to Access Key and save the service.key file.

    2. Click Download next to Access Certificate and save the service.cert file.

    3. Click Download next to CA Certificate and save the ca.pem file.

  3. Use OpenSSL to create the keystore with the service.key and service.cert files:

    openssl pkcs12 -export -inkey service.key -in service.cert -out client.keystore.p12 -name service_key

    The format has to be PKCS12, which is the default since Java 9.

  4. Use the keytool utility to create the truststore with the ca.pem file as input:

    keytool -import -file ca.pem -alias CA -keystore client.truststore.jks

You can now include the output files in the configuration of client applications.

Did this answer your question?