Issue with SSL setup on Failover Broker
Article ID: KB0083160
Description
While trying to set up a failover broker with SSL enabled, the following exception is reported: 'java.sql.SQLException: socket creation error' and the failover broker fails to start. This error occurs because the failover broker tries to log in to the primary broker's database, but the primary's certificate has not been added to the failover's SSL keystore, so it fails to create a socket connection.
Resolution
1). Create the certificates and configure SSL on the primary machine as per the cloud administration guide. Remember to set the common name in server.crt to the primary machine's server name, and edit server.xml as per the guide. Install the primary broker through the GUI and restart it.
2). While configuring the Failover broker's SSL, take the server.crt of the primary broker and import it into the ssl.keystore of the Failover broker, along with the server.crt for the failover. The ssl.keystore of the failover broker will then contain the server.crt of both the primary and the failover.
Example: Consider primserver.crt to be the certificate of the primary broker and server.crt to be the certificate of the Failover. Each certificate has its own machine's name as the common name.
Steps to be followed while creating SSL certificates on Failover:
a). keytool -importcert -file server.crt -keystore ssl.keystore -alias MySelfSigned -storepass changeit
b). keytool -importcert -file primserver.crt -keystore ssl.keystore -alias MySelfSignedPrimary -storepass changeit
The rest of the steps for SSL configuration are the same as for the primary broker setup, as mentioned in the SF Cloud administration guide.
3). Install the Failover broker through the GUI and restart it. The Failover broker should come up without any issue.
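A quick check of the failover keystore after step 2, as an added example that is not part of the original article or the product's tooling: it parses `keytool -list` output and reports which of the two aliases from the steps above is missing. The function name, the sample listings and the way the keystore path is passed are assumptions made for this example.

```shell
#!/bin/sh
# Added example: verify the failover ssl.keystore holds both certificates.
# Usage (assumed invocation): sh check_keystore.sh /path/to/ssl.keystore

# Reads `keytool -list` output on stdin and prints every expected alias that
# has no certificate entry. Returns 0 only when all aliases are present.
missing_aliases() {
    local listing want found rc
    rc=0
    listing=$(cat)
    for want in "$@"; do
        # keytool typically lists aliases in lower case, so compare
        # case-insensitively. The alias is the text before the first comma.
        found=$(printf '%s\n' "$listing" | awk -F', *' -v a="$want" '
            /(trustedCertEntry|PrivateKeyEntry)/ && tolower($1) == tolower(a) {
                print "yes"; exit
            }')
        if [ "$found" != "yes" ]; then
            printf '%s\n' "$want"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed listing: only the failover's own certificate was imported.
SAMPLE_INCOMPLETE='Keystore type: PKCS12
Keystore provider: SUN

Your keystore contains 1 entry

myselfsigned, Jan 1, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): 00:11:22 (constructed)'

# Constructed listing: both imports from step 2 were done.
SAMPLE_COMPLETE="$SAMPLE_INCOMPLETE
myselfsignedprimary, Jan 1, 2024, trustedCertEntry,
Certificate fingerprint (SHA-256): 33:44:55 (constructed)"

# Run against a real keystore only when a path is given.
if [ -n "${1:-}" ]; then
    if keytool -list -keystore "$1" -storepass changeit |
        missing_aliases MySelfSigned MySelfSignedPrimary; then
        echo "OK: both certificates are in $1"
    else
        echo "The aliases listed above are missing from $1" >&2
        exit 1
    fi
fi
```

A keystore that lists only the failover's own alias reproduces the condition described above, where the failover cannot open a socket to the primary's database.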