22 Mar 2020 | Andreas Müller
A certificate is issued by someone. This can either be a Certificate Authority (CA) like Verisign or letsencrypt.org (free) or it can be you in which case it is called a self-signed certificate.
CA certificates are used for public services like cloud providers. They work out of the box with any Java application (so with Flow Director) because they are verified against the JVM's internal cacert database.
Self-signed certificates are used internally for development and test. This article is about deploying self-signed certificates that go into the trust store (one-way authentication).
Make sure the certificate is available as a PEM file. If necessary, convert it accordingly.
Then attach the PEM file to the flow that uses a TLS connection, i.e., a MQTTS connection to a MQTT broker:
Drop the PEM file here:
Configure the connection flow component to use TLS.
Deploy and activate the flow. During deploy, the certificate is transferred and added to the trust store of the destination SwiftMQ router and used by standard Java mechanism so the TLS authentication and encryption will then work out of the box.
If you undeploy the flow, the certificate will be removed from the trust store.
TLS with certificates issued by a Certificate Authority (CA) works without any further configuration. Self-signed certificates are attached to flows and automatically deployed and added to the trust store of the destination router.
Andreas is a well-known messaging expert, creator of SwiftMQ and in his side job CEO of IIT Software GmbH. He leads the overall development of Flow Director and has an eye on any piece to fit into the whole picture.