activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ee7arh <>
Subject Client side SSL with specified Key and Truststores
Date Mon, 08 Mar 2010 17:07:14 GMT


I have a broker application which needs to connect to another broker using
fake certificates. Therefore I followed the instructions on activeMq website
and created certificates and imported them as described in the tutorial: ActiveMQ SSL HowTo 

When I set system wide properties as follows, it works fine:

However my broker also needs to connect using SSL in other unrelated parts
of the application and since I have overridden the default keystores, I am
having problems since I have overridden the default java keystore.

In the tutorial it offers a solution on the broker side of things to get
around this by using the "sslContext" property in the broker. However it
does not offer a solution from the client's perspective.

I tried downloading the 2nd patch from: 

so that I can set the Keystore and Truststores on the factory level but this
simply did not work. It looks like even though I override the
ConnectionFactory, it is never used.

I am setting up the following Beans from spring so that I can connect via
Camel. Notice I have overridden the ActiveMQConnectionFactory with the

<bean id = "sslConnectionFactory"
                <property name="brokerURL"
                <property name="userName" value="${jms.username}" />
                <property name="password" value="${jms.password}" />
                <property name="keyStore" value="../config/client.ks" />
                <property name="keyStorePassword" value="password" />
                <property name="trustStore" value="../config/client.ts" />
                <property name="trustStorePassword" value="password" />
    <!-- Queue conneciton so that Camel can use the connection-->
    <bean id="myJmsComponent"
		<property name="connectionFactory">
			<bean id="conxFactory"

I modified the patch slightly so that it can be instantiated from Spring,
here is my modified version. 

When I try to connect, I always get this error which indicates that the
certificate is not found:

Could not refresh JMS Connection for destination '2eQueue' - retrying in
5000 ms. Cause: PKIX path
building failed:
on: unable to find valid certification path to requested target

Does anyone have an idea how I can specify the trust and keystores on a
specific connection rather than having to rely on the System wide

Thanks and BRegards

View this message in context:
Sent from the ActiveMQ - User mailing list archive at

View raw message