activemq-commits mailing list archives

From "Guy Allard (Created) (JIRA)" <j...@apache.org>
Subject [jira] [Created] (APLO-178) Using key_alias= causes all SSL connects to fail
Date Sat, 31 Mar 2012 22:42:24 GMT
Using key_alias= causes all SSL connects to fail
------------------------------------------------

                 Key: APLO-178
                 URL: https://issues.apache.org/jira/browse/APLO-178
             Project: ActiveMQ Apollo
          Issue Type: Bug
          Components: apollo-broker
    Affects Versions: wish-list
         Environment: Ubuntu 11.01, Java OpenJDK Runtime Environment (IcedTea6 1.11pre) (6b23~pre11-0ubuntu1.11.10.2)
OpenJDK 64-Bit Server VM (build 20.0-b11, mixed mode)

apache-apollo-99-trunk-20120328.201231-9-unix-distro.tar.gz
            Reporter: Guy Allard
             Fix For: 1.2


After adding 'key_alias=' to the 'key_storage' element, all attempts to connect using SSL
fail.

The only thing I see in connection.log is a connect/disconnect sequence.  Log files apollo.log
and security.log show nothing.  I see no real errors in Apollo logs.

The client gets only:

Connection reset by peer

I am running with:

- the Ruby stomp gem 1.2.2 client
- <authentication enabled="false"/>
- default login.config
- client_auth= not specified (defaulted)

The alias name is correct, I believe:

apollo@tjjackson:~/my-broker-snap/etc$ grep servertj apollo.xml
  <key_storage file="${apollo.base}/etc/keystore" password="password" key_password="password" key_alias="servertj" />

and:

apollo@tjjackson:~/my-broker-snap/etc$ keytool -list -keystore keystore -storepass password

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

clienttjca, Mar 31, 2012, PrivateKeyEntry, 
Certificate fingerprint (MD5): FD:F8:2F:94:5F:F2:55:2C:B9:C7:E6:EA:CA:18:52:6C
servertj, Mar 31, 2012, PrivateKeyEntry, 
Certificate fingerprint (MD5): F2:F3:89:68:4D:EF:46:EB:23:50:57:76:0B:01:58:58

So, the store has two entries:

1) A server cert
2) A Client CA cert (signs all client certs)

Simply removing key_alias= allows at least some SSL functionality to work.

Let me know what I can do to assist, docs etc., but key_alias= seems to be ........ not functional
in general.

Regards, Guy


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
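
The cross-check the report does by hand (read key_alias from the key_storage element, then look the alias up in the keytool -list output), as an added example that is not part of the original message or of the Apollo code base. It goes slightly beyond the reported case by also flagging an alias that exists but is not a PrivateKeyEntry; the function names are hypothetical and the `<broker>` wrapper around the quoted element is constructed.

```python
import re
import xml.etree.ElementTree as ET

# key_storage element as quoted in the report, inside a constructed <broker> root.
APOLLO_XML = '''<broker>
  <key_storage file="${apollo.base}/etc/keystore" password="password"
               key_password="password" key_alias="servertj" />
</broker>'''

# `keytool -list` output as quoted in the report.
KEYTOOL_LIST = '''Keystore type: JKS
Keystore provider: SUN

Your keystore contains 2 entries

clienttjca, Mar 31, 2012, PrivateKeyEntry,
Certificate fingerprint (MD5): FD:F8:2F:94:5F:F2:55:2C:B9:C7:E6:EA:CA:18:52:6C
servertj, Mar 31, 2012, PrivateKeyEntry,
Certificate fingerprint (MD5): F2:F3:89:68:4D:EF:46:EB:23:50:57:76:0B:01:58:58
'''

# "<alias>, <date containing a comma>, <type>Entry," ; fingerprint lines do not match.
ENTRY_RE = re.compile(r"^(?P<alias>[^,]+), .*, (?P<kind>\w+Entry),?\s*$")

def configured_alias(xml_text):
    """Return key_alias from the first key_storage element, or None if unset."""
    for el in ET.fromstring(xml_text).iter():
        if el.tag.rsplit("}", 1)[-1] == "key_storage":  # ignore any XML namespace
            return el.get("key_alias")
    raise ValueError("no key_storage element found")

def keystore_entries(listing):
    """Map alias -> entry type from `keytool -list` text."""
    return {m["alias"]: m["kind"]
            for m in map(ENTRY_RE.match, listing.splitlines()) if m}

def check_alias(xml_text, listing):
    """Report whether the configured alias names a private-key entry."""
    alias = configured_alias(xml_text)
    entries = keystore_entries(listing)
    if alias is None:
        return "ok: no key_alias set"
    if alias not in entries:
        return f"error: alias {alias!r} not in keystore (has {sorted(entries)})"
    if entries[alias] != "PrivateKeyEntry":
        return f"error: alias {alias!r} is a {entries[alias]}, not a PrivateKeyEntry"
    return f"ok: alias {alias!r} is a PrivateKeyEntry"

if __name__ == "__main__":
    print(check_alias(APOLLO_XML, KEYTOOL_LIST))
```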

        
