Configure TLS encryption for Bindplane collector receivers.
Before configuring TLS, ensure you have:
Server certificate in PEM format (text-based, not binary)
Private key in PEM format and unencrypted (no password protection)
Certificate chain (if using certificates from a CA with intermediates)
For mutual TLS: Client CA certificate to verify client certificates
Bindplane collectors use the OpenTelemetry Collector's configtls package for TLS configuration. For complete technical details, see the OpenTelemetry Collector TLS Configuration documentation.
Critical Format Requirements:
Only PEM format is supported (DER, PKCS#12/PFX are NOT supported)
Private keys must be unencrypted (password-protected keys will NOT work)
See Certificate Requirements for detailed format requirements
New to TLS? Start with the Quick Start Guide to get basic TLS configured in minutes.
Preparing certificates? Review Certificate and Key Requirements to ensure your certificates are in the correct format.
Configuring TLS between collectors and gateways? See the Gateway TLS Guide for a step-by-step walkthrough. This guide also applies to OTLP Source and Destination, which share the same TLS configuration.
Configuring TLS on receivers? See the Configuration Guide for examples and parameter reference.
Setting up mutual TLS (mTLS)? Follow the Mutual TLS Guide for two-way authentication.
Having issues? Jump to the Troubleshooting Guide for common problems and solutions.
Need to verify your setup? See Testing and Verification for OpenSSL commands and validation steps.
Wrong certificate format? Check Certificate Conversion for format conversion instructions.
Want to understand TLS concepts? See TLS Concepts for background on certificates, keys, and trust.
Last updated
Was this helpful?
Was this helpful?
