CloudKarafka SSL certificate renewal

Written by Patrik Ragnarsson

The SSL/TLS certificate, *, used by shared and dedicated clusters expires at the end of December and needs to be rotated during a scheduled maintenance window on Tuesday, December 15, 2020. The schedule will be as follows:

Start time 2020-12-15 08:00 UTC
End time 2020-12-15 11:00 UTC

During the maintenance window, we will be performing rolling restarts of all Kafka clusters, to load the new certificate.


The certificate renewal means the top Root CA will change. The new root will be

USERTrust RSA Certification Authority with SHA256 Fingerprint

If you have configured your Kafka clients to trust our certificate chain explicitly, you need to take action. The new certificate chain is available at, if you still need to trust it explicitly.

Note: If you are using client SSL certificates for authentication, these are not affected by the certificate renewal.

Updates regarding the certificate rotation will be posted to To receive notifications, you can subscribe to updates on the status page.

If you have any questions or concerns regarding the upcoming certificate renewal, send an email to

All the best,
The CloudKarafka Team

CloudKarafka - Industry Leading Apache Kafka as a Service