Some features described in this article are available starting with meshIQ Manage version 12 and greater.
For a quick overview of what's new or changed, visit the meshIQ Highlights page for a version-by-version breakdown.  

Jump to Section:
Version 11.2 and Earlier
Version 12.x and Later

Version 11.2 and Earlier

This article will guide you through the process of creating a Solace Client Certificate Authority.

Event broker services use certificates to authenticate the servers that they establish TLS connections with. Certificates are issued by a certificate authority (CA). For security, administrators can require client applications to present a client certificate to authenticate their identity to an event broker service to establish a mutual TLS connection. The Client CA trust store can contain CA certificates that enable event broker services to authenticate clients using client certificate authentication for incoming TLS connections.

Before creating the Client Certificate Authority, you must establish a Solace Manager connection. To learn how, click on Create Remote Solace Manager Connection.

Create a Solace Client Certificate Authority

You can create a Solace Client Certificate Authority by following these steps: 

1. Open the Client Certificate Authority viewlet, click the Add button  . 
2. The Select Object Path window will open. Specify the Workgroup server, Node, and Broker, then click Select path.
   By default, all available Workgroup servers, Nodes and Brokers are selected. If you want to limit the selection, you must explicitly choose which ones to include.
3. The Solace Client Certificate Authority Create Window will open. Enter the Client Certificate Authority Name (required) and populate other needed details.
   
4. Click Ok to create the client certificate authority immediately. Alternatively, click Schedule to create it at a future time (see Scheduling for details).
5. Now, go to the Client Certificate Authority viewlet to see the newly added object. If you can't find it, refresh the viewlet using the Refresh icon. 

_______________________________________________________________________________________________________________

Version 12.x and Later

This article will guide you through the process of creating a Solace Client Certificate Authority.

Event broker services use certificates to authenticate the servers that they establish TLS connections with. Certificates are issued by a certificate authority (CA). For security, administrators can require client applications to present a client certificate to authenticate their identity to an event broker service to establish a mutual TLS connection. The Client CA trust store can contain CA certificates that enable event broker services to authenticate clients using client certificate authentication for incoming TLS connections.

Before creating the Client Certificate Authority, you must establish a Solace Manager connection. To learn how, click on Create Remote Solace Manager Connection.

Create a Solace Client Certificate Authority

You can create a Solace Client Certificate Authority by following these steps: 

1. Open the Client Certificate Authority viewlet, click the Add Solace Client Certificate Authority  button. 
2. The Select Object Path window will opens. Specify the Workgroup server, Node, and Broker, then click Select path.
   By default, all available Workgroup servers, Nodes and Brokers are selected. If you want to limit the selection, you must explicitly choose which ones to include.
3. The Solace Client Certificate Authority Create Window will open. Enter the Client Certificate Authority Name (required) and populate other needed details.
   
4. Click Ok to create the client certificate authority immediately. Alternatively, click Schedule to create it at a future time (see Scheduling for details).
5. Now, go to the Client Certificate Authority viewlet to see the newly added object. If you can't find it, refresh the viewlet using the Refresh icon.