Added a new subsection configuring certificates in the configuration …

[pratik-mahalle]

• I have read and followed the
  contribution guidelines,
  including the First-time contributing? note.
• This PR includes AI generated content, and I have read and conform to
  the
  Generative AI Contribution Policy.

Changes Made

Added a new subsection "Using certificates in the Collector" after the certificate generation steps, which includes:

1. TLS configuration for receivers (server-side) - Shows how to configure cert_file and key_file for the OTLP receiver to encrypt incoming connections

2. TLS configuration for exporters (client-side) - Shows how to configure ca_file to verify the server's certificate, and optionally cert_file/key_file to present a client certificate

3. mTLS configuration (mutual TLS) - Demonstrates how to set up mutual authentication where:

   • The receiver uses client_ca_file to verify client certificates
   • The exporter provides both CA and client certificate

4. Common TLS settings table - A reference table with all available TLS configuration options:

   • ca_file, cert_file, key_file, client_ca_file
   • insecure, insecure_skip_verify
   • min_version, max_version
   • reload_interval

5. Link to configtls documentation - Points to the official Go package documentation for more details

Closes: #8003

[tiffany76]

@open-telemetry/collector-approvers, PTAL. Thanks.

[jade-guiton-dd]

The explanation seems good, if a bit redundant, especially since there are already examples here

[pratik-mahalle]

The explanation seems good, if a bit redundant, especially since there are already examples here

Thanks for the feedback — that makes sense 👍

I took another look at this section alongside the existing configtls README, and I agree there’s some overlap in terms of explanations and examples. My initial intent was to make this document self-contained, but I see how that can become redundant given the dedicated TLS docs.

One possible approach could be to trim this section down to:

• briefly explain when and why TLS is needed here,

• keep the certificate generation example (since it’s more procedural),

• and link out to the configtls README for the full set of options and examples.

That said, I’m happy to align with whatever level of detail you think is appropriate for this doc. Let me know if you’d prefer a more concise version that defers to the existing TLS documentation, and I can update it according

[jade-guiton-dd]

I think this is fine as-is, my only worry would be about the two docs getting out-of-sync, but I doubt configtls will see changes in the short term anyway.

[pratik-mahalle]

That makes sense — thanks for the clarification.
I agree the risk of them getting out of sync is fairly low, and I’m happy to keep this as-is for now. If configtls does evolve in the future, we can always revisit and realign the docs then.

[pratik-mahalle]

/fix:refcache

[otelbot-docs]

✅ fix:refcache applied successfully in run 20750190111.

[pratik-mahalle]

/fix:refcache

[otelbot-docs]

✅ fix:refcache applied successfully in run 20923025742.

[vitorvasc]

/fix:all

[otelbot]

ℹ️ fix:all made no changes. Nothing to commit.

[vitorvasc]

/fix:refcache

[otelbot-docs]

✅ fix:refcache applied successfully in run 21062858058.

[vitorvasc]

LGTM! Thanks for taking this one, @pratik-mahalle.

@tiffany76 @jade-guiton-dd let me know if there are any further comments. Otherwise, we can merge it. 🙂

[tiffany76]

LGTM!