Pre-Shared Authentication Keys for Appliances

Pre-shared authentication keys are used to authenticate connections between redundancy group members and must be the same for all members. By default, no key is set on an event broker.

Generating Pre-Shared Keys

Pre-shared authentication keys are 32 to 256 bytes of binary data encoded in base 64. To ensure maximum security, Solace recommends that each key be randomly generated and as long as possible.

Configuring Pre-Shared Keys

To set the pre-shared key authentication key for an event broker in a redundant deployment, enter the following commands:

solace(configure)# redundancy
solace(configure/redundancy)# authentication
solace(configure/redundancy/authentication)# pre-shared-key key <pre-shared-key>

Where:

<pre-shared-key> is 44 to 344 characters (which translates into 32 to 256 bytes of binary data encoded in base 64). The no version of this command returns the value to the default.

Changing Pre-Shared Keys

You can change the pre-shared key of an HA pair when the appliances and config-sync are both up.

To make the change, perform the following steps.

  1. Change the key on one of the appliances.
    solace1(configure)# redundancy
    solace1(configure/redundancy)# authentication
    solace1(configure/redundancy/authentication)# pre-shared-key key <new-pre-shared-key>
  2. Change the key on the other appliance.
    solace2(configure)# redundancy
    solace2(configure/redundancy)# authentication
    solace2(configure/redundancy/authentication)# pre-shared-key key <new-pre-shared-key>