Return-Path: X-Original-To: apmail-activemq-commits-archive@www.apache.org Delivered-To: apmail-activemq-commits-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 94A1A9199 for ; Sat, 31 Mar 2012 22:42:48 +0000 (UTC) Received: (qmail 79242 invoked by uid 500); 31 Mar 2012 22:42:48 -0000 Delivered-To: apmail-activemq-commits-archive@activemq.apache.org Received: (qmail 79202 invoked by uid 500); 31 Mar 2012 22:42:48 -0000 Mailing-List: contact commits-help@activemq.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@activemq.apache.org Delivered-To: mailing list commits@activemq.apache.org Received: (qmail 79195 invoked by uid 99); 31 Mar 2012 22:42:48 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 31 Mar 2012 22:42:48 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED,T_RP_MATCHES_RCVD X-Spam-Check-By: apache.org Received: from [140.211.11.116] (HELO hel.zones.apache.org) (140.211.11.116) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 31 Mar 2012 22:42:46 +0000 Received: from hel.zones.apache.org (hel.zones.apache.org [140.211.11.116]) by hel.zones.apache.org (Postfix) with ESMTP id F0E94351CA4 for ; Sat, 31 Mar 2012 22:42:24 +0000 (UTC) Date: Sat, 31 Mar 2012 22:42:24 +0000 (UTC) From: "Guy Allard (Created) (JIRA)" To: commits@activemq.apache.org Message-ID: <535914314.2312.1333233744988.JavaMail.tomcat@hel.zones.apache.org> Subject: [jira] [Created] (APLO-178) Using key_alias= causes all SSL connects to fail MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 Using key_alias= causes all SSL connects to fail ------------------------------------------------ Key: APLO-178 URL: https://issues.apache.org/jira/browse/APLO-178 Project: ActiveMQ Apollo Issue Type: Bug Components: apollo-broker Affects Versions: wish-list Environment: Ubuntu 11.01, Java OpenJDK Runtime Environment (IcedTea6 1.11pre) (6b23~pre11-0ubuntu1.11.10.2) OpenJDK 64-Bit Server VM (build 20.0-b11, mixed mode) apache-apollo-99-trunk-20120328.201231-9-unix-distro.tar.gz Reporter: Guy Allard Fix For: 1.2 After adding 'key_alias=' to the 'key_storage' element, all attempts to connect using SSL fail. The only thing I see in connection.log is a connect/disconnect sequence. Log files apollo.log and security.log show nothing. I see no real errors in Apollo logs. The client gets only: Connection reset by peer I am running with: - the Ruby stomp gem 1.2.2 client - - default login.config - client_auth= not specified (defaulted) The alias name is correct I believe: apollo@tjjackson:~/my-broker-snap/etc$ grep servertj apollo.xml and: apollo@tjjackson:~/my-broker-snap/etc$ keytool -list -keystore keystore -storepass password Keystore type: JKS Keystore provider: SUN Your keystore contains 2 entries clienttjca, Mar 31, 2012, PrivateKeyEntry, Certificate fingerprint (MD5): FD:F8:2F:94:5F:F2:55:2C:B9:C7:E6:EA:CA:18:52:6C servertj, Mar 31, 2012, PrivateKeyEntry, Certificate fingerprint (MD5): F2:F3:89:68:4D:EF:46:EB:23:50:57:76:0B:01:58:58 So, the store has two entries: 1) A server cert 2) A Client CA cert (signs all client certs) Simply removing key_alias= allows at least some SSL functionality to work. Let me know what I can do to assist, docs etc., but key_alias= seems to be ........ not functional in general. Regards, Guy -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira