🎄 Happy Holidays! 🥳
Most of Solace is closed December 24–January 1 so our employees can spend time with their families. We will re-open Thursday, January 2, 2024. Please expect slower response times during this period and open a support ticket for anything needing immediate assistance.
Happy Holidays!
Please note: most of Solace is closed December 25–January 2, and will re-open Tuesday, January 3, 2023.
Solace Broker - Renew Message VPN Replication certificate
We have 2 clusters (cluster PRD + cluster DR).
When renewing replication certificate do we apply the new certificates only on the broker where the VPNs are active?
Kind of confusing when I need to apply new certificates on both nodes (4 brokers) and when only those where VPNs are active.
Regards
Answers
-
Hi @akiralt , I would very much assume you want to update all of your brokers' certificates… so that if/when you have a DR incident, your applications can successfully fail over.
If you're a Solace customer, you should email support@solace.com and get an official answer.
0 -
This is what I heard back from our Support team:
We should apply the new certificates to all brokers in the cluster, not just the ones where VPNs are active. Applying certificates to all brokers ensures that if there's a failover, the standby brokers will have valid certificates and ensure there are no issues if a standby broker becomes active.
Refer to the docs for more details:
https://docs.solace.com/Cloud/client-certificate-replication.htm
https://docs.solace.com/Features/DR-Replication/Steps-for-Replication-Configuration.htm
Hope that helps..!
0
