Pre-Shared Authentication Keys for Appliances
Pre-shared authentication keys are used to authenticate connections between redundancy group members and must be the same for all members. By default, no key is set on an event broker.
Generating Pre-Shared Keys
Pre-shared authentication keys are 32 to 256 bytes of binary data encoded in base 64. To ensure maximum security, Solace recommends that each key be randomly generated and as long as possible.
Configuring Pre-Shared Keys
To set the pre-shared key authentication key for an event broker in a redundant deployment, enter the following commands:
solace(configure)# redundancy
solace(configure/redundancy)# authentication
solace(configure/redundancy/authentication)# pre-shared-key key <pre-shared-key>
Where:
<pre-shared-key>
is 44 to 344 characters (which translates into 32 to 256 bytes of binary data encoded in base 64). The no
version of this command returns the value to the default.
Changing Pre-Shared Keys
You can change the pre-shared key of an HA pair when the appliances and config-sync are both up.
To make the change, perform the following steps.
- Change the key on one of the appliances.
solace1(configure)# redundancy
solace1(configure/redundancy)# authentication
solace1(configure/redundancy/authentication)# pre-shared-key key <new-pre-shared-key> - Change the key on the other appliance.
solace2(configure)# redundancy
solace2(configure/redundancy)# authentication
solace2(configure/redundancy/authentication)# pre-shared-key key <new-pre-shared-key>