.. _controlcenter_security_ssl:

Configuring SSL 
---------------

.. important::
  Having a working understanding of the following topics will help in setting up a secured Control Center sucessfully.
    - A Kafka broker setup using :ref:`the existing SSL documentation<kafka_ssl>`.
    - Familiarity with :ref:`Authorization Settings <controlcenter_configuration_encryption>`
    - Locations of the properties files for Kafka brokers, Connect producers and consumers, and the Control Center

Simply having a secured Kafka broker does not guarentee that the Control Center is secured and working. Each component communicating with a secured Control Center
requires a specific config to be set by prefix. The prefixes ``confluent.controlcenter.streams.``, ``confluent.metrics.reporter.``, ``producer.``, ``consumer.``, and ``confluent.monitoring.interceptor.`` 
could conceiveably be configured (in different files of the Control Center stack) to secure the Control Center end to end. Not all confliguration settings may be required. 
For instance, if you have not :ref:`enabled the metrics reporter for a Kafka broker<controlcenter_quickstart_metrics_reporter>`, there is no need to configure security for it.

The control center supports SSL one and two way authentication and can be enabled for different communications. Some possible configurations are:

- secured Client interceptors (Connect/Confluent/regular client) -> secured Control Center Broker
- secured Kafka Broker -> secured Control Center Broker
- secured Metrics Reporter + (un)secured Kafka Broker -> secured Control Center Broker

.. _controlcenter_ssl_broker:
.. include:: ssl_broker.rst

.. _control_center_ssl_c3:
.. include:: ssl_c3.rst

.. _controlcenter_ssl_connect:
.. include:: ssl_connect.rst