How to enable TLS connection in Spring Boot?

Ali Member Posts: 3
Hello everyone,
I have successfully integrated queue communication in Solace with Spring Boot, but I'm facing an issue.
I want to make it such that any client without a valid certificate (JKS) is not allowed to connect even if the credentials are valid.

It seems that the default settings allow anyone with credentials to connect without a certificate.

I tried following the docs and fiddling with the settings (both the Java and the Solace Cloud GUI), but nothing seems to work.

Any tips would be greatly appreciated!

Answers

  • marc
    marc Member, Administrator, Moderator, Employee Posts: 922 admin

    Hi @Ali,

    Are you wanting clients to authenticate using client certificate authentication or basic authentication (username/password)?

    Either way, you should disable the unsecured SMF port (by default 55555) and ensure clients are connecting via the secured SMF port (by default 55443). They will only be able to connect via that port if they have a valid certificate to establish the TLS handshake. On top of that, if you want to only use client certificate auth, you can disable basic authentication completely so they can only authenticate via their certificate, which must be signed by a certificate authority that your broker trusts.

    Hope that helps!
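
The client side of the setup described in the answer above, as an added example that is not part of the original thread: a session that connects to the secured SMF port and authenticates with a client certificate from a JKS key store. It assumes the application uses the Solace JCSMP Java API; the host name, VPN name and environment variable names are placeholders.

```java
import com.solacesystems.jcsmp.JCSMPException;
import com.solacesystems.jcsmp.JCSMPFactory;
import com.solacesystems.jcsmp.JCSMPProperties;
import com.solacesystems.jcsmp.JCSMPSession;

public class SolaceTlsClient {

    // Reads a required setting from the environment (variable names are hypothetical).
    static String requireEnv(String name) {
        String value = System.getenv(name);
        if (value == null || value.isEmpty()) {
            throw new IllegalStateException("Missing environment variable " + name);
        }
        return value;
    }

    // Builds session properties for TLS plus client-certificate authentication.
    static JCSMPProperties tlsProperties(String host, String vpn) {
        JCSMPProperties p = new JCSMPProperties();
        // tcps:// selects TLS; 55443 is the default secured SMF port named in the answer.
        p.setProperty(JCSMPProperties.HOST, "tcps://" + host + ":55443");
        p.setProperty(JCSMPProperties.VPN_NAME, vpn);

        // Validate the broker's certificate against a trust store; do not switch this off.
        p.setProperty(JCSMPProperties.SSL_VALIDATE_CERTIFICATE, true);
        p.setProperty(JCSMPProperties.SSL_TRUST_STORE, requireEnv("SOLACE_TRUSTSTORE"));
        p.setProperty(JCSMPProperties.SSL_TRUST_STORE_PASSWORD, requireEnv("SOLACE_TRUSTSTORE_PASSWORD"));

        // Authenticate with the certificate in the JKS key store instead of username/password.
        p.setProperty(JCSMPProperties.AUTHENTICATION_SCHEME,
                JCSMPProperties.AUTHENTICATION_SCHEME_CLIENT_CERTIFICATE);
        p.setProperty(JCSMPProperties.SSL_KEY_STORE, requireEnv("SOLACE_KEYSTORE"));
        p.setProperty(JCSMPProperties.SSL_KEY_STORE_PASSWORD, requireEnv("SOLACE_KEYSTORE_PASSWORD"));
        return p;
    }

    public static void main(String[] args) throws JCSMPException {
        // broker.example.com and "default" are placeholder values.
        JCSMPSession session = JCSMPFactory.onlyInstance()
                .createSession(tlsProperties("broker.example.com", "default"));
        try {
            session.connect(); // throws JCSMPException if the handshake or certificate auth fails
            System.out.println("Connected over TLS with a client certificate");
        } finally {
            session.closeSession();
        }
    }
}
```

To confirm the broker is enforcing this, run the same client without the key store settings and with the basic scheme; the connection should be rejected once basic authentication is disabled on the broker.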