Solace Community is getting a facelift!

On March 3rd we will be starting the process of migrating Solace Community to a new platform. As a result, Solace Community will go in to a temporary read-only state. You will still be able to come onto Solace Community and search through posts to find answers, but you won't be able to ask questions, post comments, or react in any way.

We hope to have the migration complete by Wednesday March 5th (or sooner), so please keep an eye out!

Connecting Solace using Python with TLS

jawaharyuvr
jawaharyuvr Member Posts: 4
edited April 2023 in General Discussions #1

Hi @Tamimi , kindly help with below connection error whether certificates are not loading or need to do changes in code. 

from solace.messaging.messaging_service import MessagingService, RetryStrategy
from solace.messaging.config.transport_security_strategy import TLS
from solace.messaging.config.authentication_strategy import ClientCertificateAuthentication
broker_props = {
  "solace.messaging.transport.host": "tcps://xxxx.xxxx:5xxx3",
  "solace.messaging.service.vpn-name": "vpn-xx-xxx-t1",
  "solace.messaging.authentication.scheme.basic.username": "xxxx-user",
  "solace.messaging.authentication.scheme.basic.password": "default",
  }
transport_security_strategy = TLS.create() \
  .with_certificate_validation(True, False,
        trust_store_file_path="C:\\Users\\xxxxx\\xxxxx\\solace\\")
messaging_service = MessagingService.builder().from_properties(broker_props)\
  .with_reconnection_retry_strategy(RetryStrategy.parametrized_retry(20,3))\
  .with_transport_security_strategy(transport_security_strategy)\
    .with_authentication_strategy\
    (ClientCertificateAuthentication.of
     (certificate_file="C:\\Users\\xxxx\\xxxxx\\solace\\xxxx-user.pem",
      key_file="C:\\Users\\xxxx\\xxxxx\\solace\\xxxx-user.key",key_password="changeit"))\
    .build()
messaging_service.connect()


aise PubSubPlusClientError(message=f'{FAILED_TO_LOADING_CERTIFICATE_AND_KEY} {core_exception_msg}')

solace.messaging.errors.pubsubplus_client_error.PubSubPlusClientError: (PubSubPlusClientError(...), 'SESSION CREATION UNSUCCESSFUL. Failed to load certificate. {\'caller_description\': \'do_connect\', \'return_code\': \'Fail\', \'sub_code\': \'SOLCLIENT_SUBCODE_FAILED_LOADING_CERTIFICATE_AND_KEY\', \'error_info_sub_code\': 102, \'error_info_contents\': "Failed to add the private key from file \'/xxx/xxx/dps/xxx-xxx-user.key\', session \'(c0,s1)_vpn-xx-xxxx-t1\'"}')

Tagged:

Comments

  • marc
    marc Member, Administrator, Moderator, Employee Posts: 973 admin
    edited April 2023 #2

    Hi @jawaharyuvr,

    To me this looks like a certificate access issue. Here are a few things to check:

    1. Is the path to the file correct?
    2. Does the user that your app is running as have read permissions on the directory & file where the cert is stored?
    3. Is the file a valid x509 cert? (Some commands here that can help with that: https://serverfault.com/questions/215606/how-do-i-view-the-details-of-a-digital-certificate-cer-file)
    4. Verify that the password is correct for the key. You can do that with openssl as well. It should be something like this openssl rsa -in /path/to/private/key -check

    Hope that helps!

  • jawaharyuvr
    jawaharyuvr Member Posts: 4
    #3

    Hi @marc, Thanks for your inputs, able to connect Solace :-)

  • Tamimi
    Tamimi Member, Administrator, Employee Posts: 549 admin
    #4

    Awesome! Thanks @marc for the input

Categories

This Month's Leaders

This Week's Leaders