Using TLS
Configure TLS encryption for Bindplane collector receivers.
What You'll Need
Before configuring TLS, ensure you have:
Server certificate in PEM format (text-based, not binary)
Private key in PEM format and unencrypted (no password protection)
Certificate chain (if using certificates from a CA with intermediates)
For mutual TLS: Client CA certificate to verify client certificates
Bindplane collectors use the OpenTelemetry Collector's configtls package for TLS configuration. For complete technical details, see the OpenTelemetry Collector TLS Configuration documentation.
Critical Format Requirements:
Only PEM format is supported (DER, PKCS#12/PFX are NOT supported)
Private keys must be unencrypted (password-protected keys will NOT work)
See Certificate Requirements for detailed format requirements
Quick Navigation
Getting Started
New to TLS? Start with the Quick Start Guide to get basic TLS configured in minutes.
Preparing certificates? Review Certificate and Key Requirements to ensure your certificates are in the correct format.
Configuration Guides
Configuring TLS between collectors and gateways? See the Gateway TLS Guide for a step-by-step walkthrough. This guide also applies to OTLP Source and Destination, which share the same TLS configuration.
Configuring TLS on receivers? See the Configuration Guide for examples and parameter reference.
Setting up mutual TLS (mTLS)? Follow the Mutual TLS Guide for two-way authentication.
Troubleshooting
Having issues? Jump to the Troubleshooting Guide for common problems and solutions.
Need to verify your setup? See Testing and Verification for OpenSSL commands and validation steps.
Wrong certificate format? Check Certificate Conversion for format conversion instructions.
Learning Resources
Want to understand TLS concepts? See TLS Concepts for background on certificates, keys, and trust.
Related Resources
Last updated
Was this helpful?