Upload Certificate Authority
Hi everyone,
I've been searching in the documentation and in the community forums for a while but I did not find the answers I need.
I would like to enable TLS both on my PubSub+ Cloud service and on my PubSub+ broker running in a Docker container.
What I got so far is that I need to upload a server certificate on my broker (both on the cloud instance and on the Docker one, I think). So I generated an autosigned certificate on my machine and I tried to add it to the cloud instance (Cluster Manager -> Manage -> Certificate Authority), but it responds with an "Invalid certificate" error. Maybe the problem is my autosigned certificate and I need to find another way to create one.
Speaking about the broker running on my machine, I managed to connect via ssh to the broker CLI, but still, I don't know how to upload the certificate.
I am sorry if these sound like dummy questions, but I am still new to the subject. Any help would be really helpful and, please, be patient.
Thank you!
Comments
-
Hi ludobar,
"How to upload the certificate to your local broker":
Step 1: Upload the file itself. This is described here: https://solace.community/discussion/316/how-to-copy-files-to-from-a-solace-broke.
The cert has to be copied to /usr/sw/jail/certs/ (inside the docker container).
Step 2: Configure the certificate:
enable
configure
ssl server-certificate <filename-of-your-cert>
"How to upload the certificate to your cloud broker":
You can't do that. Cloud brokers have a pre-defined server certificate.
If you want to see details about that:
openssl s_client -connect <IP-or_name-for-your-cloud-broker>:55443
Feel free to ask again, if something is unclear.
1 -
The pitfall with setting the server certificate as described by @uherbst is that the file uploaded needs to contain both certificate and private key, concatenated. Both in PEM format.
There was a recent discussion, I think this may help:
https://solace.community/discussion/comment/12431
-
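The point above about the server-certificate file, as an added example that is not part of the original thread: this sh script uses openssl to create a self-signed certificate and an unencrypted key, concatenates them into one PEM file, and checks that a file really holds both and that they belong together. The file names and the CN are placeholders chosen for this example.

```shell
#!/bin/sh
# Added example, not from the thread. File names and the CN are placeholders.
# Usage: make_bundle . broker.example.test && check_bundle ./server-bundle.pem

# make_bundle DIR CN
# Create a self-signed certificate and an unencrypted private key in DIR,
# then concatenate both (PEM format) into DIR/server-bundle.pem.
make_bundle() {
    dir=$1; cn=$2
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
        -subj "/CN=$cn" \
        -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null || return 1
    cat "$dir/server.crt" "$dir/server.key" > "$dir/server-bundle.pem"
    # The bundle contains the private key, so restrict who can read it.
    chmod 600 "$dir/server.key" "$dir/server-bundle.pem"
}

# check_bundle FILE
# Succeed only if FILE contains a PEM certificate and a PEM private key
# and the public key derived from the private key equals the one in the cert.
check_bundle() {
    f=$1
    grep -q -- '-----BEGIN CERTIFICATE-----' "$f" ||
        { echo "no certificate in $f" >&2; return 1; }
    grep -Eq -- '-----BEGIN ([A-Z]+ )?PRIVATE KEY-----' "$f" ||
        { echo "no private key in $f" >&2; return 1; }
    # -passin pass: keeps openssl from prompting if the key is encrypted.
    cert_pub=$(openssl x509 -in "$f" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$f" -passin pass: -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "private key does not match certificate in $f" >&2; return 1; }
}
```

The resulting server-bundle.pem is the kind of file that would be copied to /usr/sw/jail/certs/ and named in the ssl server-certificate command described earlier in the thread.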
@swenhelge said:
The pitfall with setting the server certificate as described by @uherbst is that the file uploaded needs to contain both certificate and private key, concatenated. Both in PEM format.
There was a recent discussion, I think this may help:
https://solace.community/discussion/comment/1243
Thank you, I set the server certificate and it seems to have accepted it!
0 -
@uherbst said:
Hi ludobar,
"How to upload the certificate to your local broker":
Step 1: Upload the file itself. This is described here: https://solace.community/discussion/316/how-to-copy-files-to-from-a-solace-broke.
The cert has to be copied to /usr/sw/jail/certs/ (inside the docker container).
Step 2: Configure the certificate:
enable
configure
ssl server-certificate <filename-of-your-cert>
"How to upload the certificate to your cloud broker":
You can't do that. Cloud brokers have a pre-defined server certificate.
If you want to see details about that:
openssl s_client -connect <IP-or_name-for-your-cloud-broker>:55443
Feel free to ask again, if something is unclear.
Thank you!
About the cloud broker, do I have to download the PEM certificate provided on "connect -> solace Messaging" and add it to my truststore?
I need to enable TLS/SSL encryption to connect to the cloud on port 8883 via MQTT.
0 -
The cloud broker has the MQTTS port 8883 enabled by default. An MQTT client library typically requires a trust store or trusted CA, and that is what you would use the PEM file for that you can download from the cloud console.
0