TLS/SSL Certificates Overview
This topic will guide you through the different certificate strategies that you can employ on your cluster to allow TLS/SSL clients to securely connect to servers using trusted certificates or certificates issued by trusted authorities. The set of certificates required depends upon the certificate provisioning strategy you implement. The following strategies are possible:
- Public CA-signed certificates: Using certificates signed by a trusted public certificate authority (CA) simplifies the integration procedure, because the default Java client already trusts the CA.
- Internal CA-signed certificates: Using certificates signed by an internal CA can also simplify integration if your infrastructure already trusts the internal CA. Otherwise, you must configure all hosts to trust your internal CA.
- Self-signed certificates: Using self-signed certificates complicates the deployment process because you must configure all clients of a particular service to trust the specific certificate used by that service.
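The trust difference between the internal CA and self-signed strategies, shown as an added example that is not part of the original documentation. It builds throwaway certificates with the `openssl` CLI and uses `openssl verify -CAfile` as a stand-in for a client trust store; the service names, file names and `demo.cnf` are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: constructed throwaway certificates; every name below is hypothetical.
set -eu
cd "$(mktemp -d)"

# Minimal OpenSSL config so the result does not depend on the system openssl.cnf.
cat > demo.cnf <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF

# Internal CA: one self-signed root that issues the service certificates.
openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config demo.cnf \
  -extensions v3_ca -subj "/CN=Demo Internal CA" \
  -keyout ca.key -out ca.pem 2>/dev/null

issue_ca_signed() {   # $1 = service name; writes $1.pem signed by the internal CA
  openssl req -new -newkey rsa:2048 -nodes -config demo.cnf \
    -subj "/CN=$1.example.internal" -keyout "$1.key" -out "$1.csr" 2>/dev/null
  openssl x509 -req -in "$1.csr" -CA ca.pem -CAkey ca.key -CAcreateserial \
    -days 30 -out "$1.pem" 2>/dev/null
}

issue_self_signed() { # $1 = service name; writes $1.pem signed by its own key
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -config demo.cnf \
    -subj "/CN=$1.example.internal" -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# Prints "trusted" or "untrusted" for certificate $2 against trust store $1.
trust_result() {
  if openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; then echo trusted; else echo untrusted; fi
}

issue_ca_signed svc-a;   issue_ca_signed svc-b
issue_self_signed svc-c; issue_self_signed svc-d

# Self-signed: the client trust store must hold every service's own certificate.
cat svc-c.pem svc-d.pem > pinned.pem

for cert in svc-a svc-b svc-c svc-d; do
  printf '%s  internal-CA store: %-9s  pinned store: %s\n' "$cert" \
    "$(trust_result ca.pem "$cert.pem")" "$(trust_result pinned.pem "$cert.pem")"
done
```

The store holding only the internal CA accepts both CA-signed services, while the pinned store accepts only the two self-signed certificates that were copied into it.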