Solace Broker - Renew Message VPN Replication certificate
We have 2 clusters (cluster PRD + cluster DR).
When renewing the replication certificate, do we apply the new certificates only on the broker where the VPNs are active?
Kind of confusing when I need to apply new certificates on both nodes (4 brokers) and when only those where VPNs are active.
Regards
Answers
-
Hi @akiralt, I would very much assume you want to update all of your brokers' certificates… so that if/when you have a DR incident, your applications can successfully fail over.
If you're a Solace customer, you should email support@solace.com and get an official answer.
-
This is what I heard back from our Support team:
We should apply the new certificates to all brokers in the cluster, not just the ones where VPNs are active. Applying certificates to all brokers ensures that if there's a failover, the standby brokers will have valid certificates and ensure there are no issues if a standby broker becomes active.
Refer to the docs for more details:
https://docs.solace.com/Cloud/client-certificate-replication.htm
https://docs.solace.com/Features/DR-Replication/Steps-for-Replication-Configuration.htm
Hope that helps!