Secure connection on Local Host

Hi,
I am using the Solace Software as a Docker container. I am able to establish a default connection (localhost:55555) and compressed connection (localhost:55003) with the broker.
For the secured connection, I enabled the port 55443 while running the container, but when I try to establish a secure connection it gives me an unable to connect error on socket error.
Please help me with how to establish a Secure Connection locally.
Thanks in advance!

Hi chaudharys,

  1. Have you configured a TLS server certificate for the Solace broker? Without a server certificate, no TLS service is possible.
  2. Have you added port 55443 to your enabled port list in the docker run command?

How to add a TLS server certificate to a Solace broker: Managing Server Certificates

Hi @chaudharys, also remember to use tcps://broker:55443 in your connection string.

@uherbst Thanks for your help, I am new to security, can you help me with how I can download/create certificates for secure connections?

Hi @chaudharys, sure.

You need a TLS server certificate for that. You can use a self-signed one or an externally signed one, as you like.
You need a pem file whose contents are “first the key, then the certificate”.
You need to copy that pem file inside the docker container to /usr/sw/jail/certs/xxx.pem (you can name it as you like). Details on how to copy files to the broker can be found here: How to copy files to/from a Solace broker — Solace Community
And finally, you have to configure this certificate as your server certificate. Inside the cli:

enable
configure
ssl
server-certificate xxx.pem (choose the same name as you copied the file)
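
Added example (not part of the original posts, and not Solace's own tooling): one way to produce the "first the key, then the certificate" PEM described above as a self-signed certificate with the openssl CLI, and to check the bundle before copying it to the broker. The function names, the CN/SAN values for localhost and the unencrypted key are assumptions for a local test setup.

```shell
#!/bin/sh
# Added example: build and sanity-check a server-certificate PEM bundle.
# Assumptions: OpenSSL 1.1.1 or newer (for -addext), a localhost-only test broker,
# and an unencrypted private key (-nodes).

# Create a self-signed key and certificate, then write "key first, then certificate".
make_server_pem() {   # usage: make_server_pem <out.pem> [hostname]
    _out=$1; _host=${2:-localhost}
    _tmp=$(mktemp -d) || return 1
    openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
        -subj "/CN=${_host}" \
        -addext "subjectAltName=DNS:${_host},IP:127.0.0.1" \
        -keyout "$_tmp/key.pem" -out "$_tmp/cert.pem" 2>/dev/null \
        || { rm -rf "$_tmp"; return 1; }
    # The bundle holds a private key: create it readable by the owner only.
    ( umask 077; cat "$_tmp/key.pem" "$_tmp/cert.pem" > "$_out" )
    _rc=$?
    rm -rf "$_tmp"
    return $_rc
}

# Succeeds only if the first PEM block is a private key and the second a certificate.
pem_order_ok() {      # usage: pem_order_ok <file.pem>
    _first=$(grep -E '^-----BEGIN .*-----' "$1" | sed -n '1p')
    _second=$(grep -E '^-----BEGIN .*-----' "$1" | sed -n '2p')
    case $_first in
        *"PRIVATE KEY-----") ;;
        *) return 1 ;;
    esac
    [ "$_second" = "-----BEGIN CERTIFICATE-----" ]
}

# Succeeds only if the key and the certificate in the bundle belong together,
# by comparing the public key derived from each.
pem_pair_matches() {  # usage: pem_pair_matches <file.pem>
    _k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    _c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$_k" ] && [ "$_k" = "$_c" ]
}

# Typical use, before copying the file to /usr/sw/jail/certs/ on the broker:
#   make_server_pem xxx.pem localhost
#   pem_order_ok xxx.pem && pem_pair_matches xxx.pem && echo "bundle looks usable"
```

A client connecting to a broker with a self-signed certificate also needs that certificate in its own trust store, otherwise server certificate validation fails on the client side.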

Hi, I tried to create the certificate using tls-gen, but there is some issue with it. Can you help me with how to get a self-signed or externally signed certificate?

https://nram.dev/wp/2020/08/30/creating-a-signed-ssl-certificate/ if that helps!

Hi, I was able to resolve my issues and establish the secure connection with localhost and cloud.
I have just restarted my container to continue working on solace. But now I am again facing an issue with the secure connection in localhost

I am running my localhost as:
./farePub tcps://localhost:55443 default admin admin topic ../ssl
The error I am getting is:
SDK NOTICE Thu Aug 19 18:47:26.741 2021 solClientOS.c:5942 (7f522324f700) TCP: Could not read from socket 7, error = Connection reset by peer (104)
SDK NOTICE Thu Aug 19 18:47:26.742 2021 solClientSmf.c:7232 (7f522324f700) Read failed from transport 'TCP' of session '(c0,s1)_default' due to 'TCP: Could not read from socket 7, error = Connection reset by peer (104)', client name 'chaudharylin/6219/#00000001/69n7eehmiw', VPN name 'default', peer host 'localhost:55443' address 'IP 127.0.0.1', connection 'tcp_TxRx' local address 'IP 127.0.0.1:56032'
Please guide me with what the issue is.