Does Solace cloud free trial version support SSL authentication?
Does Solace cloud free trial version support SSL authentication.
If yes how to configure the same in both client side and on solace .?
Best Answers
-
Hi,
The short answer is yes, the free Solace Cloud service definitely supports secured communications. I'd need more details on what exactly you're trying to do in order to provide configuration guidance, but I'll take a few guesses:- If you want to use client certificate authentication check out this how to guide in the cloud learning center: https://solace.com/cloud-learning/group_howto/ght_client_certs.html
- If you want to use basic authentication (username/password) navigate to your PubSub+ service and click on the Connect tab. Choose the client library you want to use and on the right hand side you'll find a "secured" URL and a truststore that you can download so your client trusts the PubSub+ service.
6 -
@Naga were you able to get this working? If so, please click the "Yes" on
Did this answer the question?where appropriate so that others can benefit! And if not, please let us know so we can continue to assist!5
![[Deleted User]](https://w7.vanillicon.com/v2/7dff26a9d468db847108da180a72c800.svg)
Answers
-
Hi,
The short answer is yes, the free Solace Cloud service definitely supports secured communications. I'd need more details on what exactly you're trying to do in order to provide configuration guidance, but I'll take a few guesses:- If you want to use client certificate authentication check out this how to guide in the cloud learning center: https://solace.com/cloud-learning/group_howto/ght_client_certs.html
- If you want to use basic authentication (username/password) navigate to your PubSub+ service and click on the Connect tab. Choose the client library you want to use and on the right hand side you'll find a "secured" URL and a truststore that you can download so your client trusts the PubSub+ service.
6 -
You should be able to use the "Secured REST URI" found under your service connect tab under "View by: Protocol" -> REST.
That URI is https. Since our certificates are currently issued by DigiCert it will already be in many truststores, but keep in mind you may need to download the pem file (as seen in the image in my previous post) and add it to your truststore if it's not already trusted.This worked for me with my free dev service using curl without having to add anything to my truststore.
curl -X POST -d "Hello World REST" https://<HOST>:<PORT>/T/rest/pubsub -H "content-type: text" -u solace-cloud-client:<password>
0 -
curl -v https://mrred2imhn.messaging.solace.cloud:20715/T/MDM/t/MDM/PS/RT/Account
- Hostname was NOT found in DNS cache
- Trying 54.169.218.168...
- Connected to mrred2imhn.messaging.solace.cloud (54.169.218.168) port 20715 (#0)
- successfully set certificate verify locations:
CAfile: none
CApath: /etc/ssl/certs/SSLv3, TLS handshake, Client hello (1):
- Unknown SSL protocol error in connection to mrred2imhn.messaging.solace.cloud:20715
- Closing connection 0
curl: (35) Unknown SSL protocol error in connection to mrred2imhn.messaging.solace.cloud:20715
0 -
FYI I tried the same and received something different - which leads me to believe that you might have something else happening with your setup? @marc can likely confirm:
$ curl -v https://mrred2imhn.messaging.solace.cloud:20715/T/MDM/t/MDM/PS/RT/Account
- Trying 54.169.218.168...
- TCP_NODELAY set
- Connected to mrred2imhn.messaging.solace.cloud (54.169.218.168) port 20715 (#0)
- ALPN, offering h2
- ALPN, offering http/1.1
- Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
- successfully set certificate verify locations:
CAfile: /etc/ssl/cert.pem
CApath: noneTLSv1.2 (OUT), TLS handshake, Client hello (1):
- TLSv1.2 (IN), TLS handshake, Server hello (2):
- TLSv1.2 (IN), TLS handshake, Certificate (11):
- TLSv1.2 (IN), TLS handshake, Server finished (14):
- TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
- TLSv1.2 (OUT), TLS change cipher, Client hello (1):
- TLSv1.2 (OUT), TLS handshake, Finished (20):
- TLSv1.2 (IN), TLS change cipher, Client hello (1):
- TLSv1.2 (IN), TLS handshake, Finished (20):
- SSL connection using TLSv1.2 / AES256-GCM-SHA384
- ALPN, server did not agree to a protocol
- Server certificate:
- subject: C=CA; ST=Ontario; L=Kanata; O=Solace Corporation; CN=*.messaging.solace.cloud
- start date: Sep 19 00:00:00 2019 GMT
- expire date: Sep 18 12:00:00 2021 GMT
- subjectAltName: host "mrred2imhn.messaging.solace.cloud" matched cert's "*.messaging.solace.cloud"
- issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=Thawte RSA CA 2018
SSL certificate verify ok.
GET /T/MDM/t/MDM/PS/RT/Account HTTP/1.1
Host: mrred2imhn.messaging.solace.cloud:20715
User-Agent: curl/7.54.0
Accept: />
< HTTP/1.1 405 Method Not Allowed
< Cache-Control: no-cache
< Content-Length: 208
< Content-Type: text/xml
< Server: Solace_PubSub+_Enterprise/8.13.1.31
< Set-Cookie: TSID=f0eab899470c2448; Path=/
< Allow: OPTIONS, POST
<405
<![CDATA[Method Not Allowed]]>
<![CDATA[ > Method not allowed > ]]>1:1628 Connection #0 to host mrred2imhn.messaging.solace.cloud left intact
0 -
@Naga were you able to get this working? If so, please click the "Yes" on
Did this answer the question?where appropriate so that others can benefit! And if not, please let us know so we can continue to assist!5
