Connecting Solace using Python with TLS

jawaharyuvr Member Posts: 4
edited April 2023 in General Discussions #1

Hi @Tamimi , kindly help with below connection error whether certificates are not loading or need to do changes in code.

from solace.messaging.messaging_service import MessagingService, RetryStrategy
from solace.messaging.config.transport_security_strategy import TLS
from solace.messaging.config.authentication_strategy import ClientCertificateAuthentication
broker_props = {
  "": "tcps://xxxx.xxxx:5xxx3",
  "solace.messaging.service.vpn-name": "vpn-xx-xxx-t1",
  "solace.messaging.authentication.scheme.basic.username": "xxxx-user",
  "solace.messaging.authentication.scheme.basic.password": "default",
transport_security_strategy = TLS.create() \
  .with_certificate_validation(True, False,
messaging_service = MessagingService.builder().from_properties(broker_props)\

aise PubSubPlusClientError(message=f'{FAILED_TO_LOADING_CERTIFICATE_AND_KEY} {core_exception_msg}')

solace.messaging.errors.pubsubplus_client_error.PubSubPlusClientError: (PubSubPlusClientError(...), 'SESSION CREATION UNSUCCESSFUL. Failed to load certificate. {\'caller_description\': \'do_connect\', \'return_code\': \'Fail\', \'sub_code\': \'SOLCLIENT_SUBCODE_FAILED_LOADING_CERTIFICATE_AND_KEY\', \'error_info_sub_code\': 102, \'error_info_contents\': "Failed to add the private key from file \'/xxx/xxx/dps/xxx-xxx-user.key\', session \'(c0,s1)_vpn-xx-xxxx-t1\'"}')



  • marc
    marc Member, Administrator, Moderator, Employee Posts: 923 admin
    edited April 2023 #2

    Hi @jawaharyuvr,

    To me this looks like a certificate access issue. Here are a few things to check:

    1. Is the path to the file correct?
    2. Does the user that your app is running as have read permissions on the directory & file where the cert is stored?
    3. Is the file a valid x509 cert? (Some commands here that can help with that:
    4. Verify that the password is correct for the key. You can do that with openssl as well. It should be something like this openssl rsa -in /path/to/private/key -check

    Hope that helps!

  • jawaharyuvr
    jawaharyuvr Member Posts: 4

    Hi @marc, Thanks for your inputs, able to connect Solace :-)

  • Tamimi
    Tamimi Member, Administrator, Employee Posts: 499 admin

    Awesome! Thanks @marc for the input