Secure connection on Local Host

Hi,
I am using the Solace Software as a Docker container. I am able to establish a default connection (localhost:55555) and compressed connection (localhost:55003) with the broker.
For the secured connection, I enabled the port 55443 while running the container, but when I try to establish a secure connection it gives me an unable to connect error on socket error.
Please help me with how to establish a Secure Connection locally.
Thanks in advance!

Comments

  • uherbst
    uherbst Member, Employee Posts: 121 Solace Employee
    edited March 2021 #2

    Hi chaudharys,
    1. Have you configured a TLS server certificate for the Solace broker? Without a server certificate, no TLS service is possible.
    2. Have you added port 55443 to your enabled port list in the docker run command?

    How to add a TLS server certificate to a Solace broker: https://docs.solace.com/Configuring-and-Managing/Managing-Server-Certs.htm

  • nram
    nram Member, Employee Posts: 80 Solace Employee

    Hi @chaudharys, also remember to use tcps://broker:55443 in your connection string.

  • chaudharys
    chaudharys Member Posts: 25

    @uherbst Thanks for your help, I am new to security, can you help me with how I can download/create certificates for secure connections?

  • uherbst
    uherbst Member, Employee Posts: 121 Solace Employee

    Hi @chaudharys, sure.

    You need a TLS server certificate for that. You can use a self-signed one or an externally signed one, as you like.
    You need a pem file whose contents are "first the key, then the certificate".
    You need to copy that pem file inside the docker container to /usr/sw/jail/certs/xxx.pem (you can name it as you like). You can find details on how to copy files to the broker here: https://solace.community/discussion/316/how-to-copy-files-to-from-a-solace-broker#latest
    And finally, you have to configure this certificate as your server certificate. Inside the cli:

    enable
    configure
    ssl
    server-certificate xxx.pem (choose the same name as you copied the file)
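
One way to produce the PEM file described in the post above (key first, then certificate) with a self-signed certificate for local testing. This is an added example, not part of the original thread or Solace's own tooling; the function names, the output file name and the `localhost` host name are assumptions.

```shell
#!/bin/sh
# Added example (not Solace-provided): build a "key first, then certificate"
# PEM bundle with a self-signed certificate for a local test broker.

# make_broker_pem OUT_PEM [HOSTNAME]
make_broker_pem() {
    out=$1
    host=${2:-localhost}   # assumption: clients use tcps://localhost:55443
    tmp=$(mktemp -d) || return 1
    # Unencrypted RSA key plus self-signed certificate, valid 365 days.
    # The subjectAltName lets clients that check the host name accept it.
    # -addext needs OpenSSL 1.1.1 or newer.
    openssl req -x509 -newkey rsa:2048 -nodes \
        -keyout "$tmp/key.pem" -out "$tmp/cert.pem" \
        -days 365 -subj "/CN=$host" \
        -addext "subjectAltName=DNS:$host" 2>/dev/null \
        || { rm -rf "$tmp"; return 1; }
    # The bundle holds the private key: create it readable by the owner only.
    ( umask 077; cat "$tmp/key.pem" "$tmp/cert.pem" > "$out" ) \
        || { rm -rf "$tmp"; return 1; }
    rm -rf "$tmp"
}

# check_pem_order FILE
# Succeeds only if FILE contains a private key block followed by a certificate.
check_pem_order() {
    awk '
        /^-----BEGIN (RSA |EC |ENCRYPTED )?PRIVATE KEY-----/ && !key { key = NR }
        /^-----BEGIN CERTIFICATE-----/ && !cert { cert = NR }
        END { exit !(key && cert && key < cert) }
    ' "$1"
}

# Stand-alone use: sh make_broker_pem.sh broker.pem [hostname]
# Then copy broker.pem to /usr/sw/jail/certs/ in the container and run the
# server-certificate command from the post above.
if [ $# -ge 1 ]; then
    make_broker_pem "$1" "${2:-localhost}" && check_pem_order "$1" \
        && echo "wrote $1 (key first, then certificate)"
fi
```

A client that validates the server certificate will also need the self-signed certificate in its trust store.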
    
  • chaudharys
    chaudharys Member Posts: 25

    Hi, I tried to create the certificate using tls-gen, but there is some issue with it. Can you help me with how to get a self-signed or externally signed certificate?

  • nram
    nram Member, Employee Posts: 80 Solace Employee
  • chaudharys
    chaudharys Member Posts: 25

    Hi, I was able to resolve my issues and establish the secure connection with localhost and cloud.
    I have just restarted my container to continue working on solace. But now I am again facing an issue with the secure connection in localhost

    I am running my localhost as:
    ./farePub tcps://localhost:55443 default admin admin topic ../ssl
    The error I am getting is:
    SDK NOTICE Thu Aug 19 18:47:26.741 2021 solClientOS.c:5942 (7f522324f700) TCP: Could not read from socket 7, error = Connection reset by peer (104)
    SDK NOTICE Thu Aug 19 18:47:26.742 2021 solClientSmf.c:7232 (7f522324f700) Read failed from transport 'TCP' of session '(c0,s1)_default' due to 'TCP: Could not read from socket 7, error = Connection reset by peer (104)', client name 'chaudharylin/6219/#00000001/69n7eehmiw', VPN name 'default', peer host 'localhost:55443' address 'IP 127.0.0.1', connection 'tcp_TxRx' local address 'IP 127.0.0.1:56032'
    Please guide me with what the issue is.