We are using the Spring Cloud Stream Solace binders. We are trying to configure an SSL cert when connecting to a Solace queue and topic. Below is the configuration that we use in Java, and it is working:

    properties.setProperty("Solace_JMS_VPN", vpn);
    properties.setProperty("Solace_JMS_Authentication_Scheme",  "AUTHENTICATION_SCHEME_CLIENT_CERTIFICATE");
    properties.setProperty("SOLACE_JMS_SSL_VALIDATE_CERTIFICATE","true");
    properties.setProperty("Solace_JMS_SSL_TrustStore", <path>);            
    properties.setProperty("Solace_JMS_SSL_TrustStorePassword", <pwd>);

We need help in configuring these properties in the Solace binder. Currently we have the below entry:

    binders:
      local_solace:
        type: solace
        environment:
          solace:
            java:
              host: tcps://<host:port>
              msgVpn: <vpn>
              clientUsername: <username>

1 Answer

I assume that you are following the tutorial at https://solace.com/samples/solace-samples-spring/spring-cloud-streams/ and the solace binder properties mentioned above are those specified in the application.yml file.

At the very minimum, you will need to specify the following additional properties for one-way SSL to work:

  • ssl_trust_store
  • ssl_trust_store_password
  • ssl_validate_certificate

The additional properties in the application.yml file will be declared as such:

  binders:
    local_solace:
      type: solace
      environment:
        solace:
          java:
            host: tcps://<host:port>
            msgVpn: <VPN>
            clientUsername: <Username>
            apiProperties:
              ssl_trust_store: <path_to_trust_store>
              ssl_trust_store_password: <trust_store_password>
              ssl_validate_certificate: true

Also, do take note of the following that is required for one-way SSL to work:

a. A server certificate should already be configured on the broker

b. The port specified in host: tcps://<host:port> is the SSL port. This can be verified through the following CLI command:

    solace# show service
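
A pre-flight check for the trust store settings in the answer above, as an added example that is not part of the original answer or of Solace's code: it loads the trust store with plain JSSE and attempts a validated TLS handshake against the broker's SSL port. The class name `TrustStoreCheck` and the environment variable `TRUST_STORE_PASSWORD` are hypothetical, the hostname check is an extra step this example performs, and it assumes the `tcps` port accepts a direct TLS handshake.

```java
import java.io.File;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Added example: verifies that a trust store validates the broker's server certificate.
// Run (Java 11+): TRUST_STORE_PASSWORD=... java TrustStoreCheck.java <host> <ssl_port> <path_to_trust_store>
public class TrustStoreCheck {
    public static void main(String[] args) throws Exception {
        String password = System.getenv("TRUST_STORE_PASSWORD"); // hypothetical variable name
        if (args.length != 3 || password == null) {
            System.err.println("usage: TRUST_STORE_PASSWORD=... TrustStoreCheck <host> <ssl_port> <trust_store>");
            System.exit(2);
        }
        String host = args[0];
        int port = Integer.parseInt(args[1]);

        // Throws if the path or password is wrong; the store type (JKS or PKCS12) is auto-detected.
        KeyStore trustStore = KeyStore.getInstance(new File(args[2]), password.toCharArray());
        System.out.println("Trust store entries: " + trustStore.size());

        // Build a TLS context that trusts ONLY the certificates in this store.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);

        try (SSLSocket socket = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            // Also require the certificate to match the host name being dialed.
            SSLParameters params = socket.getSSLParameters();
            params.setEndpointIdentificationAlgorithm("HTTPS");
            socket.setSSLParameters(params);
            socket.setSoTimeout(10_000);

            // Throws SSLHandshakeException if the chain is not trusted, expired, or mismatched.
            socket.startHandshake();

            X509Certificate leaf = (X509Certificate) socket.getSession().getPeerCertificates()[0];
            System.out.println("Handshake OK, protocol " + socket.getSession().getProtocol());
            System.out.println("Server subject: " + leaf.getSubjectX500Principal());
            System.out.println("Issuer:         " + leaf.getIssuerX500Principal());
            System.out.println("Valid until:    " + leaf.getNotAfter());
        }
    }
}
```

If this handshake fails, the same trust store and port will fail in the binder with `ssl_validate_certificate: true`; fix the trust store contents or the port rather than turning validation off.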