How to enable HTTPS on Solace docker platform

Eddie_Jackal · March 27, 2025, 3:11pm

Hello Guys,

I am testing the solace platform using the docker container and I am encountering an issue when I want to use https within the broker, I follow the following procedure:

Generate Self-Signed Certificate:

Generate Root Key

openssl genrsa -des3 -out root.key 4096

Generate pem file for server.

openssl req -new -x509 -days 1000 -key root.key -out server.pem -subj
“/C=/ST=/L=/O=/OU=/CN=root”

Create client key and csr file

openssl req -nodes -new -newkey rsa:4096 -keyout client.key -out client.csr
-subj “/C=/ST=/L=/O=/OU=/CN=default”

Note: default is a Solace client user

Generate client pem file

openssl x509 -req -in client.csr -CA server.pem -CAkey root.key
-CAcreateserial -out client.pem -days 1825 -sha256

Create server certificate pem file

cat root.key > server_cert.pem
cat server.pem >> server_cert.pem

Create Certificate Authority and Assign Certificate:

solace> enable
solace# configure
solace(configure)# authentication
solace(configure/authentication)# create client-certificate-authority
solace_techcoe.com
solace(…/authentication/certificate-authority)# certificate file server.pem

Assign a username source for VPN

solace(configure)# message-vpn default
solace(configure/message-vpn)# authentication
solace(configure/message-vpn/authentication)# client-certificate
solace(…vpn/authentication/client-certificate)# username-source common-name
solace(…vpn/authentication/client-certificate)# no shutdown

Assign server certificate at root level

solace(configure)# ssl
solace(configure/ssl)# no server-certificate
solace(configure/ssl)# server-certificate server_cert.pem
Enter private key pass phrase: (password or whatever you set)

Here is the output from show service semp:

ad9ac840d52c> show service semp

Service: SEMP
Config Status: Enabled
Oper Status (Plain-text): Up
Oper Status (SSL): Up
VRF: management
Port (Plain-text): 8080
Port (SSL): 1943
Legacy Timeout: No
Session Idle Timeout: 15 minutes
Session Maximum Lifetime: 43200 minutes
CORS Allow Any Host: No

marc · April 1, 2025, 4:03pm

Hey @Eddie_Jackal, what was the error or issue that you ended up having?

Eddie_Jackal · April 2, 2025, 2:52pm

Hello @marc I have fixed my issue, I don’t know why but after some minutes the solace broker admin console came alive and I was able to connect using https… it was strange but following the same procedure above I was able to enable https on another instance. Thx !

marc · April 2, 2025, 9:16pm

Great, thanks for the update and glad it’s working for you.
Depending on resources available it can sometimes take a few minutes for the docker container to start up and be fully available so maybe that was the case here.

Topic		Replies	Views
Do you have any guide to setup solace/solace-pubsub-standard over SSL? PubSub+ Event Broker docker , security	1	101	October 9, 2024
Upload Certificate Authority PubSub+ Event Broker security	5	815	October 14, 2020
How to connect the event broker using ssl connection? PubSub+ Event Broker cli	2	897	May 17, 2022
Configuring the server certificate on PubSub Broker- Invalid certificate PubSub+ Event Broker cli , security , broker	5	1587	October 6, 2020
Secure connection on Local Host Connectors & Integrations	7	10505	August 19, 2021

How to enable HTTPS on Solace docker platform

Related topics