SSL Configuration when using Spring cloud stream

Hello

We are using Spring cloud stream solace binders. We are trying to configure SSL cert when connecting to solace queue and topic. Below is the configuration that we use in java and is working-

            properties.setProperty("Solace_JMS_VPN", vpn);
            properties.setProperty("Solace_JMS_Authentication_Scheme",  "AUTHENTICATION_SCHEME_CLIENT_CERTIFICATE");
            properties.setProperty("SOLACE_JMS_SSL_VALIDATE_CERTIFICATE","true");
            properties.setProperty("Solace_JMS_SSL_TrustStore", <path>);            
            properties.setProperty("Solace_JMS_SSL_TrustStorePassword", <pwd>);

We need help in configuring these properties in the solace binder. Currently we have the below entry -

binders:
    local_solace:
          type: solace
          environment:
            solace:
              java:
                host: tcps://<host:port>
                msgVpn: <vpn>
                clientUsername: <username>

Best Answer

Answers

  • [Deleted User]
    [Deleted User] Posts: 0 ✭✭

    Thanks for the answer @amackenzie ! @ruplim did this help you out?

  • ruplim
    ruplim Member Posts: 6

    Thank you @amackenzie . The answer worked for me and we were able to connect using ssl

  • glenn_esl
    glenn_esl Member Posts: 9
    edited December 2021 #6
    • I would like to add to the solution that you have to use tcps not TCP.
    • Additionally you can also include the port

    example

    tcps://192.168.133.64:55443

    spring:
      cloud:
        stream:
          bindings:
            input:
              destination: queuename
              group: myconsumergroup
    
    solace:
      java:
        host: tcps://192.168.133.64:55443
        msgVpn: default
        clientUsername: default
        clientPassword: default
        connectRetries: -1
        reconnectRetries: -1
        apiProperties:
          SSL_VALIDATE_CERTIFICATE: true
          SSL_TRUST_STORE: <path>
          SSL_TRUST_STORE_PASSWORD: <pwd>
    
  • marc
    marc Member, Administrator, Moderator, Employee Posts: 959 admin

    thanks for adding that info @glenn_esl 🙏

  • wenhede
    wenhede Member Posts: 2
    edited January 2022 #8

    Hi,

    Since it is already using a certificate, is the clientUsername and clientPassword still required?

    solace:
    java:
    host: tcps://192.168.133.64:55443
    msgVpn: default
    clientUsername: default
    clientPassword: default
    connectRetries: -1
    reconnectRetries: -1
    apiProperties:
    SSL_VALIDATE_CERTIFICATE: true
    SSL_TRUST_STORE:
    SSL_TRUST_STORE_PASSWORD:

    any settings or option can use to not require the said 2 properties?

  • glenn_esl
    glenn_esl Member Posts: 9

    Hi @wenhede,

    The SSL_* properties are only used to establish an SSL connection between the client and solace. Validating the certificate only makes sure that you can limit the client to connect only to trusted solace instances.

    To authenticate with a certificate is a different topic, I would suggest creating a new question on the discussion board.