activemq-users mailing list archives

From ee7arh <andrew.hu...@2e-systems.com>
Subject Client side SSL with specified Key and Truststores
Date Mon, 08 Mar 2010 17:07:14 GMT

Hi,

I have a broker application which needs to connect to another broker using
fake certificates. Therefore I followed the instructions on the ActiveMQ website
and created certificates and imported them as described in the tutorial:

http://activemq.apache.org/how-do-i-use-ssl.html ActiveMQ SSL HowTo 

When I set system wide properties as follows, it works fine: 

javax.net.ssl.keyStore=/path/to/client.ks
javax.net.ssl.keyStorePassword=password
javax.net.ssl.trustStore=/path/to/client.ts

However my broker also needs to connect using SSL in other unrelated parts
of the application and since I have overridden the default keystores, I am
having problems since I have overridden the default java keystore.

In the tutorial it offers a solution on the broker side of things to get
around this by using the "sslContext" property in the broker. However it
does not offer a solution from the client's perspective.

I tried downloading the 2nd patch from:

  http://issues.apache.org/activemq/browse/AMQ-1754

so that I can set the Keystore and Truststores on the factory level but this
simply did not work. It looks like even though I override the
ConnectionFactory, it is never used.

I am setting up the following Beans from spring so that I can connect via
Camel. Notice I have overridden the ActiveMQConnectionFactory with the
patch:

    <bean id="sslConnectionFactory"
          class="com.downloadedfrom.amq1754.ActiveMQSslConnectionFactoryx">
        <property name="brokerURL"
                  value="failover:(ssl:remoteHostBroker:1818)?startupMaxReconnectAttempts=5&amp;initialReconnectDelay=1000&amp;useExponentialBackOff=true" />
        <property name="userName" value="${jms.username}" />
        <property name="password" value="${jms.password}" />
        <property name="keyStore" value="../config/client.ks" />
        <property name="keyStorePassword" value="password" />
        <property name="trustStore" value="../config/client.ts" />
        <property name="trustStorePassword" value="password" />
    </bean>

    <!-- Queue connection so that Camel can use the connection -->
    <bean id="myJmsComponent"
          class="org.apache.activemq.camel.component.ActiveMQComponent">
        <property name="connectionFactory">
            <bean id="conxFactory"
                  factory-bean="sslConnectionFactory"
                  factory-method="getInstance"/>
        </property>
    </bean>

I modified the patch slightly so that it can be instantiated from Spring,
here is my modified version.

http://old.nabble.com/file/p27824328/ActiveMQSslConnectionFactoryx.java
ActiveMQSslConnectionFactoryx.java 


When I try to connect, I always get this error which indicates that the
certificate is not found:

Could not refresh JMS Connection for destination '2eQueue' - retrying in
5000 ms. Cause: sun.security.validator.ValidatorException: PKIX path
building failed: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target


Does anyone have an idea how I can specify the trust and keystores on a
specific connection rather than having to rely on the System wide
properties?

Thanks and BRegards
Andrew

-- 
View this message in context: http://old.nabble.com/Client-side-SSL-with-specified-Key-and-Truststores-tp27824328p27824328.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
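
Added example, not part of the original message and not code from ActiveMQ or the AMQ-1754 patch: a JDK-only (JSSE) sketch of building an SSLContext from one specific keystore and truststore without setting the javax.net.ssl.* system properties, so the JVM default trust store stays in place for other TLS connections. The class ScopedSslContext and its methods are hypothetical names; the paths and password are the ones in the post, and JKS stores with a key password equal to the store password are assumptions. Handing the context to the ActiveMQ transport is not shown.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.*;

public class ScopedSslContext {
    // Load a keystore file; JKS is assumed (the keytool default when the post was written).
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    // Trust managers for one truststore file; a null path means the JVM default store.
    static TrustManager[] trustManagers(String path, char[] password) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(path == null ? null : load(path, password));
        return tmf.getTrustManagers();
    }

    // Context scoped to the given stores; no javax.net.ssl.* system property is set,
    // so SSLContext.getDefault() and every other TLS client in the JVM are unaffected.
    // Assumption: the private key password equals the keystore password.
    static SSLContext build(String keyStore, char[] keyPass, TrustManager[] tms)
            throws Exception {
        KeyManagerFactory kmf =
            KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keyStore, keyPass), keyPass);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tms, null); // null selects the default SecureRandom
        return ctx;
    }

    // Number of CA certificates the given trust managers accept as issuers.
    static int anchorCount(TrustManager[] tms) {
        int n = 0;
        for (TrustManager tm : tms)
            if (tm instanceof X509TrustManager)
                n += ((X509TrustManager) tm).getAcceptedIssuers().length;
        return n;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "password".toCharArray(); // store password as given in the post
        TrustManager[] scoped = trustManagers("../config/client.ts", pw);
        SSLContext ctx = build("../config/client.ks", pw, scoped);
        System.out.println("scoped anchors:  " + anchorCount(scoped));
        System.out.println("default anchors: " + anchorCount(trustManagers(null, null)));
        // ctx.getSocketFactory() creates sockets that validate peers against client.ts only.
        System.out.println("protocol: " + ctx.getProtocol());
    }
}
```

Comparing the two anchor counts is a quick way to confirm which trust store a connection would validate against; a "PKIX path building failed" error like the one quoted above is what JSSE reports when the peer's chain does not lead to any anchor in the store actually in use.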

