Does Solace cloud free trial version support SSL authentication?

Naga
Naga Member Posts: 58

Does Solace cloud free trial version support SSL authentication.
If yes how to configure the same in both client side and on solace .?

Best Answers

Answers

  • Naga
    Naga Member Posts: 58

    I am able to connect use basic authentication using REST API. Now I want to connect using Https URL for that I need to know the steps to be configured

  • marc
    marc Member, Administrator, Moderator, Employee Posts: 914 admin

    You should be able to use the "Secured REST URI" found under your service connect tab under "View by: Protocol" -> REST.
    That URI is https. Since our certificates are currently issued by DigiCert it will already be in many truststores, but keep in mind you may need to download the pem file (as seen in the image in my previous post) and add it to your truststore if it's not already trusted.

    This worked for me with my free dev service using curl without having to add anything to my truststore.

    curl -X POST -d "Hello World REST" https://<HOST>:<PORT>/T/rest/pubsub -H "content-type: text"  -u solace-cloud-client:<password>
    
  • Naga
    Naga Member Posts: 58

    When I use curl command with Https URL I got an error : unknown protocol.
    So wanted to add certificates..

  • marc
    marc Member, Administrator, Moderator, Employee Posts: 914 admin

    Hmm. That doesn't sound like a certificate issue to me.. Anymore information that you can share? Did you try the exact curl command that worked for me but with your "Secured REST Host" URL?

  • marc
    marc Member, Administrator, Moderator, Employee Posts: 914 admin
    edited September 2019 #9

    Is it an "unknown ssl protocol" error? Can you execute using curl -v and share the output?

  • Naga
    Naga Member Posts: 58

    curl -v https://mrred2imhn.messaging.solace.cloud:20715/T/MDM/t/MDM/PS/RT/Account

    • Hostname was NOT found in DNS cache
    • Trying 54.169.218.168...
    • Connected to mrred2imhn.messaging.solace.cloud (54.169.218.168) port 20715 (#0)
    • successfully set certificate verify locations:
    • CAfile: none
      CApath: /etc/ssl/certs/

    • SSLv3, TLS handshake, Client hello (1):

    • Unknown SSL protocol error in connection to mrred2imhn.messaging.solace.cloud:20715
    • Closing connection 0
      curl: (35) Unknown SSL protocol error in connection to mrred2imhn.messaging.solace.cloud:20715
  • Naga
    Naga Member Posts: 58

    Also I have enabled only Basic authentication and not SSL Authentication. Please let me know If I need to share any certificate to the publisher team ?

  • FYI I tried the same and received something different - which leads me to believe that you might have something else happening with your setup? @marc can likely confirm:

    $ curl -v https://mrred2imhn.messaging.solace.cloud:20715/T/MDM/t/MDM/PS/RT/Account

    • Trying 54.169.218.168...
    • TCP_NODELAY set
    • Connected to mrred2imhn.messaging.solace.cloud (54.169.218.168) port 20715 (#0)
    • ALPN, offering h2
    • ALPN, offering http/1.1
    • Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
    • successfully set certificate verify locations:
    • CAfile: /etc/ssl/cert.pem
      CApath: none

    • TLSv1.2 (OUT), TLS handshake, Client hello (1):

    • TLSv1.2 (IN), TLS handshake, Server hello (2):
    • TLSv1.2 (IN), TLS handshake, Certificate (11):
    • TLSv1.2 (IN), TLS handshake, Server finished (14):
    • TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
    • TLSv1.2 (OUT), TLS change cipher, Client hello (1):
    • TLSv1.2 (OUT), TLS handshake, Finished (20):
    • TLSv1.2 (IN), TLS change cipher, Client hello (1):
    • TLSv1.2 (IN), TLS handshake, Finished (20):
    • SSL connection using TLSv1.2 / AES256-GCM-SHA384
    • ALPN, server did not agree to a protocol
    • Server certificate:
    • subject: C=CA; ST=Ontario; L=Kanata; O=Solace Corporation; CN=*.messaging.solace.cloud
    • start date: Sep 19 00:00:00 2019 GMT
    • expire date: Sep 18 12:00:00 2021 GMT
    • subjectAltName: host "mrred2imhn.messaging.solace.cloud" matched cert's "*.messaging.solace.cloud"
    • issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=Thawte RSA CA 2018
    • SSL certificate verify ok.

      GET /T/MDM/t/MDM/PS/RT/Account HTTP/1.1
      Host: mrred2imhn.messaging.solace.cloud:20715
      User-Agent: curl/7.54.0
      Accept: /

      >
      < HTTP/1.1 405 Method Not Allowed
      < Cache-Control: no-cache
      < Content-Length: 208
      < Content-Type: text/xml
      < Server: Solace_PubSub+_Enterprise/8.13.1.31
      < Set-Cookie: TSID=f0eab899470c2448; Path=/
      < Allow: OPTIONS, POST
      <

      405
      <![CDATA[Method Not Allowed]]>
      <![CDATA[ > Method not allowed > ]]>
      1:1628

    • Connection #0 to host mrred2imhn.messaging.solace.cloud left intact