Hi,
I have a broker application which needs to connect to another broker using
fake certificates. Therefore I followed the instructions on the ActiveMQ website
and created certificates and imported them as described in the tutorial:
http://activemq.apache.org/how-do-i-use-ssl.html ActiveMQ SSL HowTo
When I set system wide properties as follows, it works fine:
javax.net.ssl.keyStore=/path/to/client.ks
javax.net.ssl.keyStorePassword=password
javax.net.ssl.trustStore=/path/to/client.ts
However my broker also needs to connect using SSL in other unrelated parts
of the application and since I have overridden the default keystores, I am
having problems since I have overridden the default java keystore.
In the tutorial it offers a solution on the broker side of things to get
around this by using the "sslContext" property in the broker. However it
does not offer a solution from the client's perspective.
I tried downloading the 2nd patch from:
http://issues.apache.org/activemq/browse/AMQ-1754
so that I can set the Keystore and Truststores on the factory level but this
simply did not work. It looks like even though I override the
ConnectionFactory, it is never used.
I am setting up the following Beans from spring so that I can connect via
Camel. Notice I have overridden the ActiveMQConnectionFactory with the
patch:
<bean id="sslConnectionFactory"
      class="com.downloadedfrom.amq1754.ActiveMQSslConnectionFactoryx">
  <property name="brokerURL"
            value="failover:(ssl:remoteHostBroker:1818)?startupMaxReconnectAttempts=5&amp;initialReconnectDelay=1000&amp;useExponentialBackOff=true" />
  <property name="userName" value="${jms.username}" />
  <property name="password" value="${jms.password}" />
  <property name="keyStore" value="../config/client.ks" />
  <property name="keyStorePassword" value="password" />
  <property name="trustStore" value="../config/client.ts" />
  <property name="trustStorePassword" value="password" />
</bean>
<!-- Queue connection so that Camel can use the connection -->
<bean id="myJmsComponent"
      class="org.apache.activemq.camel.component.ActiveMQComponent">
  <property name="connectionFactory">
    <bean id="conxFactory"
          factory-bean="sslConnectionFactory"
          factory-method="getInstance"/>
  </property>
</bean>
I modified the patch slightly so that it can be instantiated from Spring,
here is my modified version.
http://old.nabble.com/file/p27824328/ActiveMQSslConnectionFactoryx.java
ActiveMQSslConnectionFactoryx.java
When I try to connect, I always get this error which indicates that the
certificate is not found:
Could not refresh JMS Connection for destination '2eQueue' - retrying in
5000 ms. Cause: sun.security.validator.ValidatorException: PKIX path
building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
Does anyone have an idea how I can specify the trust and keystores on a
specific connection rather than having to rely on the System wide
properties?
Thanks and BRegards
Andrew
--
View this message in context: http://old.nabble.com/Client-side-SSL-with-specified-Key-and-Truststores-tp27824328p27824328.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
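
One way to scope a key store and trust store to a single connection with only the JDK's JSSE API, added here as an example (it is not the poster's code and not the AMQ-1754 patch). The class name `PerConnectionTls` and its methods are hypothetical, the stores are assumed to be JKS files whose key password equals the store password, and handing the resulting context to an ActiveMQ connection factory depends on the ActiveMQ version and is not shown.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

public class PerConnectionTls {   // hypothetical class name
    // Load a JKS store from disk; path and password are supplied by the caller.
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Build an SSLContext private to one connection. No javax.net.ssl.* system property
    // is set and SSLContext.setDefault() is never called, so other TLS clients keep the JVM defaults.
    static SSLContext contextFor(String keyStorePath, char[] keyStorePass,
                                 String trustStorePath, char[] trustStorePass) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keyStorePath, keyStorePass), keyStorePass); // assumption: key password == store password
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustStorePath, trustStorePass));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); // null = default SecureRandom
        return ctx;
    }

    // args: keystore path, keystore password, truststore path, truststore password, host, port
    public static void main(String[] args) throws Exception {
        SSLContext ctx = contextFor(args[0], args[1].toCharArray(), args[2], args[3].toCharArray());
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(args[4], Integer.parseInt(args[5]))) {
            SSLParameters p = s.getSSLParameters();
            p.setEndpointIdentificationAlgorithm("HTTPS"); // also check the host name against the certificate
            s.setSSLParameters(p);
            s.startHandshake(); // PKIX path validation uses only the supplied trust store
            System.out.println("Handshake OK: " + s.getSession().getPeerPrincipal());
        }
    }
}
```

If the handshake here succeeds while the JMS connection still reports the PKIX error, the JMS transport is not using this context and is falling back to the JVM default trust store.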