Using a Certificate Authority signed certificates for the Broker

If using a PKCS#12 keystore you can create a Certificate Signing Request (CSR) from the self-signed certificate keystore created earlier by following the procedure at Creating Certificate Authority signed certificates or you can also create a brand new Broker self-signed certificate before creating the CSR. In this case follow the procedure at Creating a self signed certificate.

If using a PEM keystore you should obtain the following items

  • A certificate for each broker in your environment.
  • The root certificate and any intermediate certificates for the CA.
Note: As different CA’s will operate in different ways you should consult the CA’s documentation for instructions on how to obtain these.
PEM files can be generated with the OpenSSL command line tool or other third party tools. The OpenSSL command-line tool is not shipped with Remote Control. The PEM file needs to contain the following items, in the order listed below.
  1. Broker's certificate
  2. Any intermediate certificates, if required
  3. Root certificate
  4. Broker's private key

When you have created the certificate files you should copy the keystore to the broker machine and configure the broker properties, for more details, see Configuring the keystore on the broker.

The Certificate Authority root certificate certificate should then be added to the Remote Control server, see Truststore configuration.