🎄 Happy Holidays! 🥳

Most of Solace is closed December 24–January 1 so our employees can spend time with their families. We will re-open Thursday, January 2, 2024. Please expect slower response times during this period and open a support ticket for anything needing immediate assistance.

Happy Holidays!

Please note: most of Solace is closed December 25–January 2, and will re-open Tuesday, January 3, 2023.

Do you have any guide to setup solace/solace-pubsub-standard over SSL?

yeikel
yeikel Member Posts: 6
edited October 8 in PubSub+ Event Broker #1

I am looking for a guide to setup the docker container solace/solace-pubsub-standard with SSL and/or test-containers

The guide https://solace.com/products/event-broker/software/getting-started/ focuses on the non-authenticated version

I tried generating a self-signed certificate and adding it to /usr/sw/jail/certs but I have been unable to connect using SSL. After ClientHello all I see is "Error communicating with the router" and I am guessing it means that I am just misconfiguring it.

This is the full code of what I tried so far:

var container =  new SolaceContainer(ImageNames.SOLACE_IMAGE)
                .withTopic(SOLACE_TEST_CONTAINER_TOPIC_NAME, Service.SMF_SSL)
                .withVpn(SOLACE_CONTAINER_VPN)
                .withClientCert(
                        // Solace Expects the certificates to be in PEM format. See https://docs.solace.com/Security/Managing-Server-Certs.htm
                        MountableFile.forHostPath(TEST_KEY_STORE.privateKeypath()),
                        MountableFile.forHostPath(TEST_KEY_STORE.signedPemCertificate())
                );

Error

javax.naming.NamingException: JNDI lookup failed - (Client name: GVM63V6Y0W/7432/887b8dc0d3233a520001/fQYf-7WNft   ) - Error communicating with the router.
 [Root exception is com.solacesystems.jcsmp.JCSMPTransportException: (Client name: GVM63V6Y0W/7432/887b8dc0d3233a520001/fQYf-7WNft   ) - Error communicating with the router.]
	at com.solacesystems.jndi.SolJNDIInitialContextFactory$SolJNDIInitialContextImpl.makeNamingException(SolJNDIInitialContextFactory.java:116)
	at com.solacesystems.jndi.SolJNDIInitialContextFactory$SolJNDIInitialContextImpl.lookup(SolJNDIInitialContextFactory.java:248)
	at java.naming/javax.naming.InitialContext.lookup(InitialContext.java:409)
	at java.naming/javax.naming.InitialContext.lookup(InitialContext.java:409)
	at com.axp.c360.core.access.impl.solace.SolaceQueueProducer.<init>(SolaceQueueProducer.java:48)
	at com.axp.c360.core.access.impl.solace.QueueMessageFactory.buildProducer(QueueMessageFactory.java:167)
	at com.axp.c360.core.access.impl.solace.QueueMessageFactory.getSolaceProducer(QueueMessageFactory.java:162)
	at com.axp.c360.core.access.impl.solace.SolaceQueueConsumerTest.testConsumer(SolaceQueueConsumerTest.java:14)
	at java.base/java.lang.reflect.Method.invoke(Method.java:569)
	at java.base/java.util.ArrayList.forEach(ArrayList.java:1511)
	at java.base/java.util.ArrayList.forEach(ArrayList.java:1511)
Caused by: com.solacesystems.jcsmp.JCSMPTransportException: (Client name: GVM63V6Y0W/7432/887b8dc0d3233a520001/fQYf-7WNft   ) - Error communicating with the router.
	at com.solacesystems.jcsmp.protocol.impl.TcpChannel.sendLoginRequestWaitForLoginResponse(TcpChannel.java:254)
	at com.solacesystems.jcsmp.protocol.impl.ChannelOpStrategyClient.performOpen(ChannelOpStrategyClient.java:98)
	at com.solacesystems.jcsmp.protocol.impl.TcpClientChannel.performOpenSingle(TcpClientChannel.java:397)
	at com.solacesystems.jcsmp.protocol.impl.TcpClientChannel.access$1000(TcpClientChannel.java:132)
	at com.solacesystems.jcsmp.protocol.impl.TcpClientChannel$ClientChannelConnect.call(TcpClientChannel.java:2672)
	at com.solacesystems.jcsmp.protocol.impl.TcpClientChannel.open(TcpClientChannel.java:376)
	at com.solacesystems.jcsmp.impl.JCSMPBasicSession.sniffRouter(JCSMPBasicSession.java:442)
	at com.solacesystems.jcsmp.impl.JCSMPBasicSession.executeJndiQuery(JCSMPBasicSession.java:1104)
	at com.solacesystems.jndi.SolJNDIInitialContextFactory$SolJNDIInitialContextImpl.lookup(SolJNDIInitialContextFactory.java:213)
	... 9 more
Caused by: java.nio.channels.ClosedChannelException
	at io.netty.handler.ssl.SslHandler.channelInactive(SslHandler.java:1154)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive(AbstractChannelHandlerContext.java:303)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive(AbstractChannelHandlerContext.java:281)
	at io.netty.channel.AbstractChannelHandlerContext.fireChannelInactive(AbstractChannelHandlerContext.java:274)
	at io.netty.channel.DefaultChannelPipeline$HeadContext.channelInactive(DefaultChannelPipeline.java:1402)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive(AbstractChannelHandlerContext.java:301)
	at io.netty.channel.AbstractChannelHandlerContext.invokeChannelInactive(AbstractChannelHandlerContext.java:281)
	at io.netty.channel.DefaultChannelPipeline.fireChannelInactive(DefaultChannelPipeline.java:900)
	at io.netty.channel.AbstractChannel$AbstractUnsafe$7.run(AbstractChannel.java:811)
	at io.netty.util.concurrent.AbstractEventExecutor.runTask(AbstractEventExecutor.java:173)
	at io.netty.util.concurrent.AbstractEventExecutor.safeExecute(AbstractEventExecutor.java:166)
	at io.netty.util.concurrent.SingleThreadEventExecutor.runAllTasks(SingleThreadEventExecutor.java:469)
	at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:566)
	at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:994)
	at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
	at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
	at java.base/java.lang.Thread.run(Thread.java:840)
	Suppressed: io.netty.handler.ssl.StacklessSSLHandshakeException: Connection closed while SSL/TLS handshake was in progress
		at io.netty.handler.ssl.SslHandler.channelInactive(Unknown Source)

Tagged:

Answers

  • rey
    rey Member, Administrator, Employee Posts: 12 admin

    @yeikel,

    Did you use the Solace CLI to add the certificate? This link gives details on how to copy the certificate in, then use the CLI to configure the broker: Managing Certificates.