Enabling SSL support
To encrypt the connection between a replica server and its end users,
the replica must have its own valid private key and certificate pair in
the directory specified by its
variable. Certificate and key generation and management for replica
servers works the same as it does for the (master) server. See Enabling SSL support. The users'
applications must be configured to trust the fingerprint of the replica
To encrypt the connection between a replica server and its master, the
replica must be configured so as to trust the fingerprint of the master
server. That is, the user that runs the replica
(typically a service user) must create a
P4TRUST file (using
p4 trust) that recognizes the fingerprint of the
master Helix Core server.
P4TRUST variable specifies the path to the SSL trust
file. You must set this environment variable in the following cases:
- for a replica that needs to connect to an SSL-enabled master server, or
- for an edge server that needs to connect to an SSL-enabled commit server.