Helix Core Server Administrator Guide: Multi-Site Deployment (2019.2)

Enabling SSL support

To encrypt the connection between a Helix Broker and its end users, your broker must have a valid private key and certificate pair in the directory specified by its P4SSLDIR environment variable. Certificate and key generation and management for the broker works the same as it does for the Helix Core server. See Enabling SSL support. The users' Helix server applications must be configured to trust the fingerprint of the broker.

To encrypt the connection between a Helix Broker and a Helix Core server, your broker must be configured so as to trust the fingerprint of the Helix Core server. That is, the user that runs p4broker (typically a service user) must create a P4TRUST file (using p4 trust) that recognizes the fingerprint of the Helix Core server, and must set P4TRUST, specifying the path to that file (P4TRUST cannot be specified in the broker configuration file).

For more information about enabling SSL for the broker, see the Support Knowledgebase article, "Enabling SSL Support for the Server/Broker/Proxy ".