I have my broker running on a Ubuntu instance on EC2, with a domain www.domain.com. I have a SSL certificate from the same website that I bought the domain from. It is something like this :
-----BEGIN CERTIFICATE-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END CERTIFICATE-----
I understand that I also need private keys, client certificate etc to implement SSL authentication. Where do I get the other documents from? Do I generate them on the server?
CodePudding user response:
You should already have the private key file.
In order to create a certificate you should have generated a private key, then used that to create a Certificate Signing Resquest (CSR) which you sent to the Certificate Authority for signing with the CA Root key which is how the Certificate was created.
The private key file is something that NO other person/entity should ever have access to as with it they can impersonate your domain.