You can also enable SSL using PubSub+ Broker Manager. Solace(.ure/message-vpn/service/rest/incoming)# no ssl shutdown Solace(.ure/message-vpn/service/rest/incoming)# listen-port 9443 ssl
Solace(configure/message-vpn/service/rest)# incoming Solace(configure/message-vpn)# service rest
Enable SSL for the Message VPN: solace(configure)# message-vpn. To enable SSL for REST on the event broker, do the following: Place the certificate in /certs/ folder using the “SCP” service: scp -P2222 /home//server_cert.pem to create the FTP user through the Solace CLI. Create a pem file by concatenating the private key and server certificate: cat root.key > server_cert.pem. Create a server certificate and generate a signing request: openssl req -new -x509 -days 1000 -key root.key -out server.pem -subj "/C=/ST=/L=/O=/OU=/CN=root". Create TLS key for the event broker: openssl genrsa -des3 -out root.key 4096. To generate a self-signed SSL server certificate, perform the following steps: You can generate a self-signed certificate using the methods described below or get one from your organization's certificate authority. To configure a two-way SSL authentication, we will generate self-signed certificates using OpenSSL, configure the certificates in the event broker instance, and validate client authentication using Postman. Possess working knowledge of the Solace CLI.Ĭonfiguring Two-Way SSL Authentication for REST. Admin access to configure certificates in the PubSub+ event broker. Create a client username in the event broker which will be assigned as a common name (CN) to the client key file. Create FTP user through the Solace CLI to transfer files. Install Postman to test client authentication. Install OpenSSL to generate self-signed certificates. You can also authenticate through a username or Common Name injection. Two-way SSL authentication works with a mutual handshake by exchanging the certificates. Both parties share their public certificates, and then validation is performed. In two-way SSL authentication, the client application verifies the identity of the server application, and then the server application verifies the identity of the client application. When implementing one-way SSL authentication, the server application shares its public certificate with the client. In one-way SSL authentication (Server Certificate Authentication), only the client validates the server the server does not verify the client application. One-way SSL / Server Certificate Authentication As we guide you through the steps, we will show you how to generate self-signed certificates, configure the certificates in the event broker instance, and validate the SSL communication. 
In this tutorial, we will set up two-way SSL authentication for REST in the PubSub+ event broker using self-signed certificates.
0 kommentar(er)
