🎄 Happy Holidays! 🥳
Most of Solace is closed December 24–January 1 so our employees can spend time with their families. We will re-open Thursday, January 2, 2024. Please expect slower response times during this period and open a support ticket for anything needing immediate assistance.
Happy Holidays!
Please note: most of Solace is closed December 25–January 2, and will re-open Tuesday, January 3, 2023.
Can't connect to manager using TLS on port 1943
Hi,
I've installed a Solace broker on an EC2 instance for test & training purposes. Works OK, we are able to manage the broker thru 8080, connect from Boomi using 55555 etc etc. Now, the next step is to use TLS for all connections. With Solace Cloud, that's easy. But how to set this up using your own EC2 instance? I had a look at the documentation. There's no listener active when I run a netstat -an|grep LISTEN on port 1943. We need that in order to install a certificate (PEM) right?
Comments
-
Hi @sjaak ,
The secured ports will be down by default, and we actually need to setup the server certificate first before we can enable the secured ports. Setting up a server certificate can be done via CLI first and load the cert into the broker as per the document since we don't have 1943 up just yet
Have a look here and see if that helps: https://docs.solace.com/Configuring-and-Managing/Managing-TLS-SSL-Service.htm
Thanks,
Ari0 -
@sjaak said:
Hi,
I've installed a Solace broker on an EC2 instance for test & training purposes. Works OK, we are able to manage the broker thru 8080, connect from Boomi using 55555 etc etc. Now, the next step is to use TLS for all connections. With Solace Cloud, that's easy. But how to set this up using your own EC2 instance? I had a look at the documentation. There's no listener active when I run a netstat -an|grep LISTEN on port 1943. We need that in order to install a certificate (PEM) right?Hi sjaak,
Regarding the PEM, you need to place both the certificate and the private key inside the **same ** PEM file.
There's a good explanation on this here
Basically, just copy and paste the information, including the separators into a single file. I suggest you follow the order:----BEGIN RSA PRIVATE KEY----- (Your Private Key: your_domain_name.key) -----END RSA PRIVATE KEY----- -----BEGIN CERTIFICATE----- (Your Primary SSL certificate: your_domain_name.crt) -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- (Your Intermediate certificate: CA.crt) -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- (Your Root certificate: TrustedRoot.crt) -----END CERTIFICATE-----
Also, depending on your private key, you may need to convert it.
I had issues with using private keys that start with-----BEGIN PRIVATE KEY-----
So I converted them to RSA
-----BEGIN RSA PRIVATE KEY-----
Using the command:
openssl rsa -in <yourfile>.key -out <yourfile>-rsa.key
If you have any issues, try it as well.
Cheers
Jose1