Connecting Solace using Python with TLS

jawaharyuvr Member Posts: 4
edited April 2023 in General Discussions #1

Hi @Tamimi, kindly help with the connection error below: are the certificates not loading, or do I need to make changes in the code?

from solace.messaging.messaging_service import MessagingService, RetryStrategy
from solace.messaging.config.transport_security_strategy import TLS
from solace.messaging.config.authentication_strategy import ClientCertificateAuthentication

# Broker connection properties (host, VPN and credentials redacted by the poster)
broker_props = {
    "solace.messaging.transport.host": "tcps://xxxx.xxxx:5xxx3",
    "solace.messaging.service.vpn-name": "vpn-xx-xxx-t1",
    "solace.messaging.authentication.scheme.basic.username": "xxxx-user",
    "solace.messaging.authentication.scheme.basic.password": "default",
}

# Positional arguments: ignore_expiration=True, validate_server_name=False
transport_security_strategy = TLS.create().with_certificate_validation(
    True, False,
    trust_store_file_path="C:\\Users\\xxxxx\\xxxxx\\solace\\")

# Client certificate authentication: PEM certificate plus password-protected private key
messaging_service = MessagingService.builder().from_properties(broker_props) \
    .with_reconnection_retry_strategy(RetryStrategy.parametrized_retry(20, 3)) \
    .with_transport_security_strategy(transport_security_strategy) \
    .with_authentication_strategy(ClientCertificateAuthentication.of(
        certificate_file="C:\\Users\\xxxx\\xxxxx\\solace\\xxxx-user.pem",
        key_file="C:\\Users\\xxxx\\xxxxx\\solace\\xxxx-user.key",
        key_password="changeit")) \
    .build()
messaging_service.connect()


raise PubSubPlusClientError(message=f'{FAILED_TO_LOADING_CERTIFICATE_AND_KEY} {core_exception_msg}')

solace.messaging.errors.pubsubplus_client_error.PubSubPlusClientError: (PubSubPlusClientError(...), 'SESSION CREATION UNSUCCESSFUL. Failed to load certificate. {\'caller_description\': \'do_connect\', \'return_code\': \'Fail\', \'sub_code\': \'SOLCLIENT_SUBCODE_FAILED_LOADING_CERTIFICATE_AND_KEY\', \'error_info_sub_code\': 102, \'error_info_contents\': "Failed to add the private key from file \'/xxx/xxx/dps/xxx-xxx-user.key\', session \'(c0,s1)_vpn-xx-xxxx-t1\'"}')

Comments

  • marc
    marc Member, Administrator, Moderator, Employee Posts: 923 admin
    edited April 2023 #2

    Hi @jawaharyuvr,

    To me this looks like a certificate access issue. Here are a few things to check:

    1. Is the path to the file correct?
    2. Does the user that your app is running as have read permissions on the directory & file where the cert is stored?
    3. Is the file a valid x509 cert? (Some commands here that can help with that: https://serverfault.com/questions/215606/how-do-i-view-the-details-of-a-digital-certificate-cer-file)
    4. Verify that the password is correct for the key. You can do that with openssl as well. It should be something like this: openssl rsa -in /path/to/private/key -check

    Hope that helps!
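
The four checks in the reply above can be run from Python before calling messaging_service.connect(). This is an added example, not code from the thread or from Solace: the function name preflight is hypothetical, and it uses Python's standard ssl module as the parser, which is an assumption standing in for the Solace API's own certificate loader.

```python
import ssl


def preflight(cert_file, key_file, key_password=None):
    """Return a list of problems; an empty list means every check passed."""
    problems = []

    # Checks 1 and 2: each path exists and the current user can read it.
    for label, path in (("certificate", cert_file), ("key", key_file)):
        try:
            with open(path, "rb"):
                pass
        except OSError as exc:  # missing, permission denied, or a directory
            problems.append(f"{label}: cannot open {path!r}: {exc.strerror}")
    if problems:
        return problems

    # Check 3: the certificate parses as PEM-encoded X.509. A throwaway
    # context is used only as a parser; nothing is trusted or connected.
    try:
        with open(cert_file, encoding="ascii") as fh:
            ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT).load_verify_locations(
                cadata=fh.read())
    except (ssl.SSLError, ValueError) as exc:
        return [f"certificate: not a valid PEM X.509 file: {exc}"]

    # Check 4: the key loads, decrypts with the password, and matches the
    # certificate. The callback only runs when the key file is encrypted.
    asked = []

    def supply_password():
        asked.append(True)
        return key_password or ""

    try:
        ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT).load_cert_chain(
            cert_file, key_file, supply_password)
    except ssl.SSLError as exc:
        if asked:
            return [f"key: encrypted; wrong password or cert mismatch: {exc}"]
        return [f"key: unparsable or does not match certificate: {exc}"]
    return []
```

Call it with the same certificate_file, key_file and key_password values passed to ClientCertificateAuthentication.of, running as the same OS user as the application.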

  • jawaharyuvr
    jawaharyuvr Member Posts: 4

    Hi @marc, Thanks for your inputs, able to connect Solace :-)

  • Tamimi
    Tamimi Member, Administrator, Employee Posts: 499 admin

    Awesome! Thanks @marc for the input