activemq-users mailing list archives

From Boris Belov <bbel...@gmail.com>
Subject Configuring ActiveMQ Embedded Broker over HTTPS
Date Tue, 02 Feb 2010 23:48:58 GMT

Hello,

We are attempting to configure an embedded ActiveMQ broker over HTTPS and
failing to do so. Any attempt to start the broker results in a
jetty.ssl.password prompt.
After entering the password, the following exception is generated.

2010-02-02 15:47:10.931::INFO:  jetty-6.1.11
2010-02-02 15:47:10.938::INFO:  Started SslSocketConnector@0.0.0.0:62010
INFO  - TransportConnector         - Connector https://0.0.0.0:62010?trace=true Started
2010-02-02 15:47:10.939::WARN:  EXCEPTION 
javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
	at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(SSLServerSocketImpl.java:307)
	at com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:253)
	at org.mortbay.jetty.security.SslSocketConnector.accept(SslSocketConnector.java:172)
	at org.mortbay.jetty.AbstractConnector$Acceptor.run(AbstractConnector.java:707)
	at org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:488)
jetty.ssl.password : 


TCP and HTTP transports work just fine. Any help is appreciated.


Below is the configuration and code snippets.
 
- jetty 6.1.11 started via Maven jetty plugin:

...
<plugin>
    <groupId>org.mortbay.jetty</groupId>
    <artifactId>maven-jetty-plugin</artifactId>
    <version>${jetty.version}</version>
    <configuration>
        <connectors>
            <connector implementation="org.mortbay.jetty.nio.SelectChannelConnector">
                <port>8082</port>
            </connector>
            <connector implementation="org.mortbay.jetty.security.SslSocketConnector">
                <port>8443</port>
                <keystore>${project.build.directory}/jetty-ssl.keystore</keystore>
                <password>password</password>
                <keyPassword>password</keyPassword>
            </connector>
        </connectors>
        <webAppConfig>
            <contextPath>....</contextPath>
        </webAppConfig>
    </configuration>
</plugin>

...

- ActiveMQ embedded broker is embedded within the webapp and started at runtime:
  ....
    @Override
    public void initialize(Map<String, Object> m) throws Exception {
        this.svc = new BrokerService();
        for (int i = 1;; i++) {
            String key = "connector" + i;
            if (!m.containsKey(key)) {break;}
            this.svc.addConnector((String) m.get(key));
        }
        initSSL();
        this.svc.start();
    }

    private void initSSL() throws Exception {
        TrustManager[] tms = getTrustManagers();
        KeyManager[] kms = getKeyManagers();

        SSLContext context = SSLContext.getInstance("SSL");
        context.init(kms, tms, null);

        SslContext ctxt = new SslContext();
        ctxt.setSSLContext(context);

        SslContext.setCurrentSslContext(ctxt);
    }

    private TrustManager[] getTrustManagers() throws Exception {
        // First, get the default TrustManagerFactory.
        String alg = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory tmFact = TrustManagerFactory.getInstance(alg);
        KeyStore ks = loadKeyStore();

        tmFact.init(ks);

        // And now get the TrustManagers
        TrustManager[] tms = tmFact.getTrustManagers();
        return tms;
    }

    private KeyManager[] getKeyManagers() throws Exception {
        // First, get the default KeyManagerFactory.
        String alg = KeyManagerFactory.getDefaultAlgorithm();
        KeyManagerFactory kmFact = KeyManagerFactory.getInstance(alg);
        KeyStore ks = loadKeyStore();

        // Now we initialise the KeyManagerFactory with this KeyStore
        kmFact.init(ks, ssl_password.toCharArray());

        // And now get the KeyManagers
        KeyManager[] kms = kmFact.getKeyManagers();
        return kms;
    }

    private KeyStore loadKeyStore() throws Exception {
        FileInputStream fis = null;
        KeyStore ks = null;

        try {
            fis = new FileInputStream(ssl_path);
            ks = KeyStore.getInstance("jks");
            ks.load(fis, ssl_password.toCharArray());
        }
        finally {if (fis != null) fis.close();}
        return ks;
    }

    private BrokerService svc;
    private final static String ssl_password = "password";
    private final static String ssl_path = "/var/com/company/keys/jetty.jks";


Thank you,
Boris.



-- 
View this message in context: http://old.nabble.com/Configuring-ActiveMQ-Embedded-Broker-over-HTTPS-tp27429414p27429414.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
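
The SSLException in the log above is raised when the server socket has no private key that fits its enabled cipher suites, so a first check is whether the keystore holds a key entry that the key password can recover. The following is an added example, not code from the original post or from ActiveMQ or Jetty; the class name `KeyStoreCheck` is hypothetical, and it assumes the store password and key password are the same, as they are in the post's configuration.

```java
import java.io.Console;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.UnrecoverableKeyException;
import java.util.Collections;

// Added diagnostic; the class name KeyStoreCheck is hypothetical.
public class KeyStoreCheck {

    // Counts private-key entries that keyPassword can recover. Only these can
    // back a KeyManager; trusted-certificate entries serve a TrustManager.
    static int usableKeyEntries(KeyStore ks, char[] keyPassword) throws Exception {
        int usable = 0;
        for (String alias : Collections.list(ks.aliases())) {
            if (!ks.isKeyEntry(alias)) {
                System.out.println(alias + ": trusted certificate only");
                continue;
            }
            try {
                Key key = ks.getKey(alias, keyPassword);
                System.out.println(alias + ": key entry, algorithm " + key.getAlgorithm());
                usable++;
            } catch (UnrecoverableKeyException e) {
                System.out.println(alias + ": key entry, key password does not match");
            }
        }
        return usable;
    }

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        char[] pw = null;
        if (args.length == 0) {
            ks.load(null, null); // constructed sample: empty in-memory keystore
        } else {
            Console console = System.console();
            if (console == null) throw new IllegalStateException("run from a terminal");
            // Prompt instead of taking the password as an argument
            // (assumption: store password and key password are identical).
            pw = console.readPassword("keystore password: ");
            try (InputStream in = new FileInputStream(args[0])) {
                ks.load(in, pw);
            }
        }
        int usable = usableKeyEntries(ks, pw);
        System.out.println(usable > 0 ? usable + " usable key entries"
                : "no usable private key: a server socket built from this store has nothing to present");
    }
}
```

Run with no arguments it reports on the empty constructed keystore; run with a keystore path it prompts for the password and lists each alias, including the key algorithm, which must match the enabled cipher suites.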

