Processing messages transmitted over encrypted TLS connections requires a TLS certificate. When you create a cluster, the application automatically creates a self-signed certificate and uses is as the active certificate. This certificate is displayed in the table of TLS certificates as Default Cert.
If you do not want to use this default certificate, you can add one or more TLS certificates and make one of the added certificates active. The other certificates are displayed in the table with the switch turned off. You can make a different certificate active at any time.
You can use certificates of the following types:
A comparison of certificate types supported by the application is provided in the following table.
Comparison of supported certificate types
Property |
Self-signed |
CSR-based |
PFX |
---|---|---|---|
Must use a certification authority |
No |
Yes |
Yes |
The private key of the certificate is stored outside of the cluster |
No |
No |
Yes |
Can manually configure the certificate |
Can populate only some fields |
Can populate only some fields |
Yes |