Does Solace cloud free trial version support SSL authentication.
If yes how to configure the same in both client side and on solace .?
Hi,
The short answer is yes, the free Solace Cloud service definitely supports secured communications. I’d need more details on what exactly you’re trying to do in order to provide configuration guidance, but I’ll take a few guesses:
- If you want to use client certificate authentication check out this how to guide in the cloud learning center: What Is PubSub+ Cloud?
- If you want to use basic authentication (username/password) navigate to your PubSub+ service and click on the Connect tab. Choose the client library you want to use and on the right hand side you’ll find a “secured” URL and a truststore that you can download so your client trusts the PubSub+ service.
I am able to connect use basic authentication using REST API. Now I want to connect using Https URL for that I need to know the steps to be configured
You should be able to use the “Secured REST URI” found under your service connect tab under “View by: Protocol” → REST.
That URI is https. Since our certificates are currently issued by DigiCert it will already be in many truststores, but keep in mind you may need to download the pem file (as seen in the image in my previous post) and add it to your truststore if it’s not already trusted.
This worked for me with my free dev service using curl without having to add anything to my truststore.
curl -X POST -d "Hello World REST" https://<HOST>:<PORT>/T/rest/pubsub -H "content-type: text" -u solace-cloud-client:<password>
When I use curl command with Https URL I got an error : unknown protocol.
So wanted to add certificates…
Hmm. That doesn’t sound like a certificate issue to me… Anymore information that you can share? Did you try the exact curl command that worked for me but with your “Secured REST Host” URL?
Is it an “unknown ssl protocol” error? Can you execute using curl -v and share the output?
curl -v https://mrred2imhn.messaging.solace.cloud:20715/T/MDM/t/MDM/PS/RT/Account
- Hostname was NOT found in DNS cache
- Trying 54.169.218.168…
- Connected to mrred2imhn.messaging.solace.cloud (54.169.218.168) port 20715 (#0)
- successfully set certificate verify locations:
- CAfile: none
CApath: /etc/ssl/certs/ - SSLv3, TLS handshake, Client hello (1):
- Unknown SSL protocol error in connection to mrred2imhn.messaging.solace.cloud:20715
- Closing connection 0
curl: (35) Unknown SSL protocol error in connection to mrred2imhn.messaging.solace.cloud:20715
Also I have enabled only Basic authentication and not SSL Authentication. Please let me know If I need to share any certificate to the publisher team ?
FYI I tried the same and received something different - which leads me to believe that you might have something else happening with your setup? @marc can likely confirm:
! > $ curl -v https://mrred2imhn.messaging.solace.cloud:20715/T/MDM/t/MDM/PS/RT/Account
! > * Trying 54.169.218.168…
! > * TCP_NODELAY set
! > * Connected to mrred2imhn.messaging.solace.cloud (54.169.218.168) port 20715 (#0)
! > * ALPN, offering h2
! > * ALPN, offering http/1.1
! > * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
! > * successfully set certificate verify locations:
! > * CAfile: /etc/ssl/cert.pem
! > CApath: none
! > * TLSv1.2 (OUT), TLS handshake, Client hello (1):
! > * TLSv1.2 (IN), TLS handshake, Server hello (2):
! > * TLSv1.2 (IN), TLS handshake, Certificate (11):
! > * TLSv1.2 (IN), TLS handshake, Server finished (14):
! > * TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
! > * TLSv1.2 (OUT), TLS change cipher, Client hello (1):
! > * TLSv1.2 (OUT), TLS handshake, Finished (20):
! > * TLSv1.2 (IN), TLS change cipher, Client hello (1):
! > * TLSv1.2 (IN), TLS handshake, Finished (20):
! > * SSL connection using TLSv1.2 / AES256-GCM-SHA384
! > * ALPN, server did not agree to a protocol
! > * Server certificate:
! > * subject: C=CA; ST=Ontario; L=Kanata; O=Solace Corporation; CN=.messaging.solace.cloud
! > * start date: Sep 19 00:00:00 2019 GMT
! > * expire date: Sep 18 12:00:00 2021 GMT
! > * subjectAltName: host “mrred2imhn.messaging.solace.cloud” matched cert’s ".messaging.solace.cloud"
! > * issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=Thawte RSA CA 2018
! > * SSL certificate verify ok.
! > > GET /T/MDM/t/MDM/PS/RT/Account HTTP/1.1
! > > Host: mrred2imhn.messaging.solace.cloud:20715
! > > User-Agent: curl/7.54.0
! > > Accept: /
! > >
! > < HTTP/1.1 405 Method Not Allowed
! > < Cache-Control: no-cache
! > < Content-Length: 208
! > < Content-Type: text/xml
! > < Server: Solace_PubSub+_Enterprise/8.13.1.31
! > < Set-Cookie: TSID=f0eab899470c2448; Path=/
! > < Allow: OPTIONS, POST
! > <
! >
! >405
! >
! > Method not allowed ! > ]]>
! > 1:1628
! >
! > * Connection #0 to host mrred2imhn.messaging.solace.cloud left intact
@Naga were you able to get this working? If so, please click the “Yes” on Did this answer the question? where appropriate so that others can benefit! And if not, please let us know so we can continue to assist!