The peer certificate is not trusted

anjalimariam
anjalimariam Member Posts: 5

Hi,

I am trying to create a Python publisher here, trying to get it connected to my event broker and send a few messages. I get the following error when trying to run the code:

C:\Users\AnjaliMariam\Desktop\Solace>python publisher5.py
2025-01-24 14:18:15,940 [WARNING] solace.messaging.core: [_solace_transport.py:72] [[SERVICE: 0x23407fbe900] - [APP ID: 2VR4YY1/19360/00000001/5uOJ3ZRZXo]] SESSION CREATION UNSUCCESSFUL. Untrusted certificate. {'caller_description': 'From service event callback', 'return_code': 'Ok', 'sub_code': 'SOLCLIENT_SUBCODE_UNTRUSTED_CERTIFICATE', 'error_info_sub_code': 99, 'error_info_contents': "Session '(c0,s1)_sampleeventbroker': The peer certificate is not trusted, rc='unable to get local issuer certificate'"}
2025-01-24 14:18:15,941 [WARNING] solace.messaging.core: [_solace_transport.py:72] [[SERVICE: 0x23407fbe900] - [APP ID: 2VR4YY1/19360/00000001/5uOJ3ZRZXo]] SESSION CREATION UNSUCCESSFUL. Untrusted certificate. {'caller_description': 'do_connect', 'return_code': 'Not ready', 'sub_code': 'SOLCLIENT_SUBCODE_UNTRUSTED_CERTIFICATE', 'error_info_sub_code': 99, 'error_info_contents': "Session '(c0,s1)_sampleeventbroker': The peer certificate is not trusted, rc='unable to get local issuer certificate'"}
2025-01-24 14:18:15,942 [WARNING] solace.messaging.connections: [messaging_service.py:1262] [[SERVICE: 0x23407fbe900] - [APP ID: 2VR4YY1/19360/00000001/5uOJ3ZRZXo]] Connection failed. Status code: 3
Traceback (most recent call last):
File "C:\Users\AnjaliMariam\Desktop\Solace\publisher5.py", line 26, in <module>
messaging_service.connect()
~~~~~~~~~~~~~~~~~~~~~~~~~^^
File "C:\Users\AnjaliMariam\AppData\Local\Programs\Python\Python313\Lib\site-packages\solace\messaging\messaging_service.py", line 1263, in connect
raise error
solace.messaging.errors.pubsubplus_client_error.PubSubPlusCoreClientError: SESSION CREATION UNSUCCESSFUL. Untrusted certificate. {'caller_description': 'do_connect', 'return_code': 'Not ready', 'sub_code': 'SOLCLIENT_SUBCODE_UNTRUSTED_CERTIFICATE', 'error_info_sub_code': 99, 'error_info_contents': "Session '(c0,s1)_sampleeventbroker': The peer certificate is not trusted, rc='unable to get local issuer certificate'"}

The following is my code:

import time
from solace.messaging.messaging_service import MessagingService
from solace.messaging.config.retry_strategy import RetryStrategy
from solace.messaging.config.authentication_strategy import BasicUserNamePassword
from solace.messaging.config.transport_security_strategy import TLS

broker_props = {
    "solace.messaging.transport.host": "tcps://mr-connection-yorkxssjw83.messaging.solace.cloud:55443",
    "solace.messaging.service.vpn-name": "sampleeventbroker",  # Your VPN name
    "solace.messaging.authentication.scheme.basic.username": "solace-cloud-client",  # Your username
    "solace.messaging.authentication.scheme.basic.password": "ir1qgm84e37bot6nve5hrv8qr7",  # Your password
    "solace.messaging.tls.trust-store-path": "C:\\Users\\AnjaliMariam\\Desktop\\Solace\\clientCert1.pem"
}

# The first positional argument of with_certificate_validation() is ignore_expiration;
# validate_server_name=False turns off the host name check on the broker certificate.
transport_security = TLS.create() \
    .with_certificate_validation(True, validate_server_name=False,
                                 trust_store_file_path="C:\\Users\\AnjaliMariam\\Desktop\\Solace\\clientCert1.pem")

messaging_service = MessagingService.builder().from_properties(broker_props) \
    .with_reconnection_retry_strategy(RetryStrategy.parametrized_retry(20, 3)) \
    .with_transport_security_strategy(transport_security) \
    .with_authentication_strategy(BasicUserNamePassword.of("solace-cloud-client", "*password*")) \
    .build()

messaging_service.connect()

# Create a session for publishing messages
# NOTE: create_session() and send_message() are not methods of the solace.messaging API;
# the script fails at connect() above before reaching them.
session = messaging_service.create_session()
queue_name = 'QueueSample'  # The queue I created

# Publish five messages from Publisher 1
for i in range(1, 6):
    message = f'Message {i} from Publisher 1'
    session.send_message(queue_name, message)
    print(f'Publisher 1: Sent {message}')
    time.sleep(30)

session.disconnect()

Anyone have any ideas to get the code running and publish messages to the event broker?


Thank you

Answers

  • Tamimi
    Tamimi Member, Administrator, Employee Posts: 549 admin

    Hey @anjalimariam - did you get the chance to check this samples repo here? Here is an example of using TLS

  • anjalimariam
    anjalimariam Member Posts: 5

    Yes, I took a look now, but I didn't understand much as I don't have any coding experience.

  • anjalimariam
    anjalimariam Member Posts: 5

    Also, after making some changes I am getting the following error:

    2025-01-27 19:10:35,327 [WARNING] solace.messaging.core: [_solace_session.py:885] [[SERVICE: 0x1cf1b0b2a50] - [APP ID: None]] SOLCLIENT_SUBCODE_FAILED_LOADING_TRUSTSTORE
    2025-01-27 19:10:35,327 [WARNING] solace.messaging.core: [_solace_session.py:887] [[SERVICE: 0x1cf1b0b2a50] - [APP ID: None]] SESSION CREATION UNSUCCESSFUL. Failed to load trust store.

  • Tamimi
    Tamimi Member, Administrator, Employee Posts: 549 admin

    @anjalimariam the error seems to be that the trust store files are not being located by your script. Did you install the cert in the trusted-store directory? If you are connecting to a solace cloud service, you can install the .pem certificate from the "Connect" tab then under Solace Messaging click "Download PEM" in the TrustStore section. Make sure that cert is placed in the right directory so that your python client can locate it.

    May I ask what is your use case? What are you trying to accomplish? Happy to help out!

  • anjalimariam
    anjalimariam Member Posts: 5

    Yes, I did the same. I downloaded the .pem file from the Connect tab for Python and gave the exact location in the code. But I still get the error "the peer certificate is not trusted".
    I am trying to do the following :

    1. Log in to Solace Cloud and create a new Event Broker Service.
    2. Create a Queue:
    3. Configure a queue on the Event Broker Service.
    4. Publish five messages to the queue using two different publishers.
    5. You may use a programming language of your choice for the publisher application.
    6. Ensure all messages are visible in the queue.
  • anjalimariam
    anjalimariam Member Posts: 5

    Can anyone help me out?

  • Tamimi
    Tamimi Member, Administrator, Employee Posts: 549 admin

    Hey @anjalimariam I was able to run the sample code I linked earlier with the trusted file and no issues. Are you running the same sample or a modified version of it? If the latter, can you please share your source code or at least the connection to the broker?

    Here is what I did for my steps:

    • I ran the TLS_connection.py sample (linked above) WITHOUT having the trusted-store directory as follows:
    SOLACE_HOST=<host_name> SOLACE_VPN=<vpn_name> SOLACE_USERNAME=<username> SOLACE_PASSWORD=<password> python TLS_connection.py
    and got the following error:
    2025-02-03 19:11:48,748 [WARNING] solace.messaging.core: [_solace_session.py:885]  [[SERVICE: 0x10367c8c0] - [APP ID: None]] SOLCLIENT_SUBCODE_FAILED_LOADING_TRUSTSTORE
    2025-02-03 19:11:48,748 [WARNING] solace.messaging.core: [_solace_session.py:887] [[SERVICE: 0x10367c8c0] - [APP ID: None]] SESSION CREATION UNSUCCESSFUL. Failed to load trust store.
    Traceback (most recent call last):
    File "/Users/tamimi/samples/solace-samples-python/patterns/TLS_connection.py", line 65, in <module>
    .build()
    ^^^^^^^
    File "/Users/tamimi/samples/solace-samples-python/venv/lib/python3.12/site-packages/solace/messaging/messaging_service.py", line 1770, in build
    return _BasicMessagingService(config=self._stored_config, application_id=application_id)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    File "/Users/tamimi/samples/solace-samples-python/venv/lib/python3.12/site-packages/solace/messaging/messaging_service.py", line 1064, in __init__
    self._session.create_session(self._config) # create the session as part of Messaging Service build process
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
    File "/Users/tamimi/samples/solace-samples-python/venv/lib/python3.12/site-packages/solace/messaging/core/_solace_session.py", line 888, in create_session
    raise PubSubPlusCoreClientError(message=FAILED_TO_LOAD_TRUST_STORE, sub_code=info_sub_code)
    solace.messaging.errors.pubsubplus_client_error.PubSubPlusCoreClientError: SESSION CREATION UNSUCCESSFUL. Failed to load trust store.
    • I then installed the certificate DigiCertGlobalRootCA.crt.pem from the Solace Cloud service in the Connect tab as follows:
    • I then created a directory called trusted-store in the same path where the TLS_connection.py Python file is located and moved the newly installed certificate into that directory
    • Then ran the following command as per the instructions in the README
    SOLACE_HOST=<host_name> SOLACE_VPN=<vpn_name> SOLACE_USERNAME=<username> SOLACE_PASSWORD=<password> python TLS_connection.py
    

    and got the following:

    $ SOLACE_HOST=tcps://*******.messaging.solace.cloud:55443 SOLACE_VPN=demo-broker SOLACE_USERNAME=solace-cloud-client SOLACE_PASSWORD=****** python TLS_connection.py

    Messaging Service connected? True
    Direct Receiver is running? True
    Subscribing to: ['solace/samples/python/dir/sub/>', 'solace/samples/python/dir/sub/v2/>', 'solace/samples/>']
    ^C
    Disconnecting Messaging Service
    Terminating receiver
    Disconnecting Messaging Service

    Can you please confirm you ran the following steps?

    For reference, this is the github repo for the python samples:
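
Added example, not part of the thread or of the Solace samples: a standard-library Python preflight for the trust store setup described in the steps above, which separates a store that cannot be loaded from one that loads but lacks the broker's issuer. It assumes, as in those steps, that the trust store is a directory holding PEM certificates; `check_trust_store` and `probe_broker` are hypothetical helper names, and `probe_broker` needs network access to the broker.

```python
import socket
import ssl
import sys
from pathlib import Path


def check_trust_store(path):
    """Return (status, names of files that parse as PEM certificates)."""
    store = Path(path)
    if not store.exists():
        return "missing", []
    if store.is_file():
        # Assumption from the thread's steps: the store is a directory.
        return "file-not-directory", []
    usable = []
    for entry in sorted(store.iterdir()):
        if not entry.is_file():
            continue
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        try:
            ctx.load_verify_locations(cafile=str(entry))
        except (ssl.SSLError, OSError):
            continue  # unreadable, or not a PEM certificate
        usable.append(entry.name)
    return ("ok" if usable else "no-certificates"), usable


def probe_broker(host, port, trust_dir, timeout=10):
    """Handshake trusting only trust_dir; return None or the verify error."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # verifies chain and host name
    for name in check_trust_store(trust_dir)[1]:
        ctx.load_verify_locations(cafile=str(Path(trust_dir) / name))
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host):
                return None
    except ssl.SSLCertVerificationError as exc:
        # e.g. "unable to get local issuer certificate": issuer CA not in the store
        return exc.verify_message


if __name__ == "__main__":
    # Usage: python trust_check.py <trust-store-dir> [host port]
    status, certs = check_trust_store(sys.argv[1])
    print("trust store:", status, certs)
    if status == "ok" and len(sys.argv) == 4:
        print("verify error:", probe_broker(sys.argv[2], int(sys.argv[3]), sys.argv[1]))
```

Pass the host name without the `tcps://` prefix and the port as a separate argument.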