Choosing a certificate from JKS

Hello HiveMQ Community,

I am configuring a HiveMQ broker with TLS on port 8883 using a Java KeyStore (JKS) file. My JKS contains two certificates. How do I choose which cert should be used by the broker?

Here’s the relevant section of my config.xml file:

<tls-tcp-listener>
    <port>8883</port>
    <bind-address>0.0.0.0</bind-address>
    <tls>
        <keystore>
            <path>hivemq.jks</path>
            <password>pass</password>
            <private-key-password>pass</private-key-password>
        </keystore>
    </tls>
</tls-tcp-listener>

Hello @Ragavee

Welcome to the HiveMQ Community! There’s no need to explicitly “choose” a certificate in the keystore. During the TLS handshake process, the broker automatically selects the first matching certificate it finds based on the requested Fully Qualified Domain Name (FQDN).

Kind regards,
Diego from HiveMQ Team

1 Like
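To see which keystore entries could match a given FQDN, the following added example (not part of the original posts and not HiveMQ code) lists every private-key entry in a JKS with its subject, DNS subjectAltNames and expiry, and flags whether it covers the hostname clients will request. It does not reproduce the broker's own selection logic; the class name, the `KS_PASSWORD` environment variable and the simplified wildcard check are assumptions made for this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.List;

public class ListKeystoreNames {
    // True if a certificate name (exact, or a left-most wildcard such as *.example.com) covers host.
    static boolean covers(String name, String host) {
        name = name.toLowerCase();
        host = host.toLowerCase();
        if (name.startsWith("*.")) {
            int dot = host.indexOf('.');
            return dot > 0 && host.substring(dot + 1).equals(name.substring(2));
        }
        return name.equals(host);
    }

    // Collect the dNSName (type 2) subjectAltName entries of a certificate.
    static List<String> dnsNames(X509Certificate cert) throws Exception {
        List<String> names = new ArrayList<>();
        Collection<List<?>> sans = cert.getSubjectAlternativeNames(); // null when the extension is absent
        if (sans != null) {
            for (List<?> san : sans) {
                if (((Integer) san.get(0)) == 2) names.add((String) san.get(1));
            }
        }
        return names;
    }

    public static void main(String[] args) throws Exception {
        // Usage: KS_PASSWORD=... java ListKeystoreNames.java hivemq.jks <fqdn>
        // The password comes from the environment (assumed variable name) so it stays out of the process list.
        char[] password = System.getenv("KS_PASSWORD").toCharArray();
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            ks.load(in, password);
        }
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) continue; // trusted-certificate entries have no private key to serve
            X509Certificate cert = (X509Certificate) ks.getCertificate(alias);
            List<String> names = dnsNames(cert);
            boolean match = names.stream().anyMatch(n -> covers(n, args[1]));
            System.out.printf("%s | %s | SAN=%s | notAfter=%s | covers %s: %b%n", alias,
                cert.getSubjectX500Principal().getName(), names, cert.getNotAfter(), args[1], match);
        }
    }
}
```

If more than one entry reports `true` for the same FQDN, the keystore is ambiguous for that name; keeping one key entry per hostname removes the doubt about which certificate clients receive.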