SSL Configuration when using Spring cloud stream

Hello

We are using Spring Cloud Stream Solace binders. We are trying to configure an SSL cert when connecting to a Solace queue and topic. Below is the configuration that we use in Java, and it is working:

properties.setProperty("Solace_JMS_VPN", vpn);
properties.setProperty("Solace_JMS_Authentication_Scheme", "AUTHENTICATION_SCHEME_CLIENT_CERTIFICATE");
properties.setProperty("SOLACE_JMS_SSL_VALIDATE_CERTIFICATE", "true");
properties.setProperty("Solace_JMS_SSL_TrustStore", <path>);
properties.setProperty("Solace_JMS_SSL_TrustStorePassword", <pwd>);

We need help configuring these properties in the Solace binder. Currently we have the entry below:

binders:
    local_solace:
          type: solace
          environment:
            solace:
              java:
                host: tcps://<host:port>
                msgVpn: <vpn>
                clientUsername: <username>

Hi, configuration for the JCSMP properties is handled by Spring Boot configuration as mentioned here: GitHub - SolaceProducts/spring-cloud-stream-binder-solace: Spring Cloud Stream Binder for Solace PubSub+
So if you used the sample Binder config listed on that page, you can just add the SSL parameters into that config (or use one of the other ways that Spring Boot allows for configuration).

application.yaml

spring:
  cloud:
    stream:
      bindings:
        input:
          destination: queuename
          group: myconsumergroup

solace:
  java:
    host: tcp://192.168.133.64
    msgVpn: default
    clientUsername: default
    clientPassword: default
    connectRetries: -1
    reconnectRetries: -1
    apiProperties:
      SSL_VALIDATE_CERTIFICATE: true
      SSL_TRUST_STORE: <path>
      SSL_TRUST_STORE_PASSWORD: <pwd>

The apiProperties is needed as per the bottom of this section: GitHub - SolaceProducts/solace-java-spring-boot: A Spring Boot auto-configuration and starter for the Solace Java API.
Let me know how this goes.
Edit: changed application.properties to application.yml as the example I give is YAML.

Thanks for the answer @amackenzie! @ruplim did this help you out?

Thank you @amackenzie. The answer worked for me and we were able to connect using SSL.

  • I would like to add to the solution that you have to use tcps not TCP.
  • Additionally you can also include the port

example

tcps://192.168.133.64:55443

spring:
  cloud:
    stream:
      bindings:
        input:
          destination: queuename
          group: myconsumergroup

solace:
  java:
    host: tcps://192.168.133.64:55443
    msgVpn: default
    clientUsername: default
    clientPassword: default
    connectRetries: -1
    reconnectRetries: -1
    apiProperties:
      SSL_VALIDATE_CERTIFICATE: true
      SSL_TRUST_STORE: <path>
      SSL_TRUST_STORE_PASSWORD: <pwd>

Thanks for adding that info @glenn_esl

Hi,

Since it is already using a certificate, are the clientUsername and clientPassword still required?

solace:
  java:
    host: tcps://192.168.133.64:55443
    msgVpn: default
    clientUsername: default
    clientPassword: default
    connectRetries: -1
    reconnectRetries: -1
    apiProperties:
      SSL_VALIDATE_CERTIFICATE: true
      SSL_TRUST_STORE:
      SSL_TRUST_STORE_PASSWORD:

Are there any settings or options that can be used to not require the said 2 properties?

Hi @wenhede,

The SSL_* properties are only used to establish an SSL connection between the client and Solace. Validating the certificate only makes sure that you can limit the client to connect only to trusted Solace instances.

To authenticate with a certificate is a different topic; I would suggest creating a new question on the discussion board.
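
The points raised in this thread (the tcps:// scheme, certificate validation, the trust store) can be checked on a config file before deployment. The following is an added example, not part of the original posts or of the Solace projects' code; `parse_simple_yaml`, `lint_solace_tls` and the sample config are assumptions made for illustration, and the reader only handles nested `key: value` mappings under a top-level `solace.java` path.

```python
# Added example (not from the thread): lint a solace.java block for TLS pitfalls.
SAMPLE = """\
solace:
  java:
    host: tcp://192.168.133.64
    msgVpn: default
    apiProperties:
      SSL_VALIDATE_CERTIFICATE: true
      SSL_TRUST_STORE: /constructed/path/truststore.jks
"""  # constructed input, modelled on the first answer's config


def parse_simple_yaml(text):
    """Minimal reader (assumption): nested 'key: value' mappings only, no lists."""
    root = {}
    stack = [(-1, root)]  # (indent, mapping) for each open nesting level
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        indent = len(raw) - len(raw.lstrip())
        key, _, value = raw.strip().partition(":")
        while stack[-1][0] >= indent:  # close levels we have dedented out of
            stack.pop()
        parent = stack[-1][1]
        if value.strip():
            parent[key] = value.strip()
        else:  # a key with no value opens a nested mapping
            parent[key] = {}
            stack.append((indent, parent[key]))
    return root


def lint_solace_tls(config):
    """Return findings for the top-level solace.java section of a parsed config."""
    java = config.get("solace", {}).get("java", {})
    api = java.get("apiProperties") or {}
    findings = []
    if not str(java.get("host", "")).lower().startswith("tcps://"):
        msg = "host does not use tcps://"
        if any(k.startswith("SSL_") for k in api):
            msg += ", so the SSL_* apiProperties are set but the link is not TLS"
        findings.append(msg)
    if str(api.get("SSL_VALIDATE_CERTIFICATE") or "true").lower() != "true":
        findings.append("SSL_VALIDATE_CERTIFICATE is off: broker certificate is not checked")
    if not api.get("SSL_TRUST_STORE"):
        findings.append("SSL_TRUST_STORE is not set: no trust store is named explicitly")
    return findings


if __name__ == "__main__":
    for finding in lint_solace_tls(parse_simple_yaml(SAMPLE)):
        print("FINDING:", finding)
```

Run against the sample, it reports the tcp:// host; switching the host to tcps://192.168.133.64:55443 clears the finding.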