🎄 Happy Holidays! 🥳
Most of Solace is closed December 24–January 1 so our employees can spend time with their families. We will re-open Thursday, January 2, 2024. Please expect slower response times during this period and open a support ticket for anything needing immediate assistance.
Happy Holidays!
Please note: most of Solace is closed December 25–January 2, and will re-open Tuesday, January 3, 2023.
SSL Configuration when using Spring cloud stream
Hello
We are using Spring cloud stream solace binders. We are trying to configure SSL cert when connecting to solace queue and topic. Below is the configuration that we use in java and is working-
properties.setProperty("Solace_JMS_VPN", vpn); properties.setProperty("Solace_JMS_Authentication_Scheme", "AUTHENTICATION_SCHEME_CLIENT_CERTIFICATE"); properties.setProperty("SOLACE_JMS_SSL_VALIDATE_CERTIFICATE","true"); properties.setProperty("Solace_JMS_SSL_TrustStore", <path>); properties.setProperty("Solace_JMS_SSL_TrustStorePassword", <pwd>);
We need help in configuring these properties in the solace binder. Currently we have the below entry -
binders: local_solace: type: solace environment: solace: java: host: tcps://<host:port> msgVpn: <vpn> clientUsername: <username>
Best Answer
-
hi, configuration for the JCSMP properties is handled by Spring Boot configuration as mentioned here: https://github.com/SolaceProducts/spring-cloud-stream-binder-solace#creating-a-simple-solace-binding
so if you used the sample Binder config listed on that page, you can just add in the SSL parameters into that config (or use one of the other ways that Spring Boot allows for configuration)application.yaml
.spring: cloud: stream: bindings: input: destination: queuename group: myconsumergroup solace: java: host: tcp://192.168.133.64 msgVpn: default clientUsername: default clientPassword: default connectRetries: -1 reconnectRetries: -1 apiProperties: SSL_VALIDATE_CERTIFICATE: true SSL_TRUST_STORE: <path> SSL_TRUST_STORE_PASSWORD: <pwd>
The
apiProperties
is needed as per the bottom of this section: https://github.com/SolaceProducts/solace-java-spring-boot#updating-your-application-properties.
Let me know how this goes.
edit: changedapplication.properties
toapplication.yml
as the example I give is YAML6
Answers
-
hi, configuration for the JCSMP properties is handled by Spring Boot configuration as mentioned here: https://github.com/SolaceProducts/spring-cloud-stream-binder-solace#creating-a-simple-solace-binding
so if you used the sample Binder config listed on that page, you can just add in the SSL parameters into that config (or use one of the other ways that Spring Boot allows for configuration)application.yaml
.spring: cloud: stream: bindings: input: destination: queuename group: myconsumergroup solace: java: host: tcp://192.168.133.64 msgVpn: default clientUsername: default clientPassword: default connectRetries: -1 reconnectRetries: -1 apiProperties: SSL_VALIDATE_CERTIFICATE: true SSL_TRUST_STORE: <path> SSL_TRUST_STORE_PASSWORD: <pwd>
The
apiProperties
is needed as per the bottom of this section: https://github.com/SolaceProducts/solace-java-spring-boot#updating-your-application-properties.
Let me know how this goes.
edit: changedapplication.properties
toapplication.yml
as the example I give is YAML6 -
Thanks for the answer @amackenzie ! @ruplim did this help you out?
0 -
Thank you @amackenzie . The answer worked for me and we were able to connect using ssl
0 -
- I would like to add to the solution that you have to use tcps not TCP.
- Additionally you can also include the port
example
tcps://192.168.133.64:55443
spring: cloud: stream: bindings: input: destination: queuename group: myconsumergroup solace: java: host: tcps://192.168.133.64:55443 msgVpn: default clientUsername: default clientPassword: default connectRetries: -1 reconnectRetries: -1 apiProperties: SSL_VALIDATE_CERTIFICATE: true SSL_TRUST_STORE: <path> SSL_TRUST_STORE_PASSWORD: <pwd>
0 -
thanks for adding that info @glenn_esl 🙏
0 -
Hi,
Since it is already using a certificate, is the clientUsername and clientPassword still required?
solace:
java:
host: tcps://192.168.133.64:55443
msgVpn: default
clientUsername: default
clientPassword: default
connectRetries: -1
reconnectRetries: -1
apiProperties:
SSL_VALIDATE_CERTIFICATE: true
SSL_TRUST_STORE:
SSL_TRUST_STORE_PASSWORD:any settings or option can use to not require the said 2 properties?
0 -
Hi @wenhede,
The SSL_* properties are only used to establish an SSL connection between the client and solace. Validating the certificate only makes sure that you can limit the client to connect only to trusted solace instances.
To authenticate with a certificate is a different topic, I would suggest creating a new question on the discussion board.
1