activemq-users mailing list archives

From Dejan Bosanac <de...@nighttale.net>
Subject Re: Client side SSL with specified Key and Truststores
Date Tue, 09 Mar 2010 07:40:08 GMT
Hi,

I just created an enhancement request to allow configuring clients with
<sslContext> tag - https://issues.apache.org/activemq/browse/AMQ-2642

I haven't looked at the AMQ-1754 patch yet, but this message usually appears
when certificates cannot be found. Are you sure you have keystore/truststore
in the right places?

Cheers
--
Dejan Bosanac - http://twitter.com/dejanb

Open Source Integration - http://fusesource.com/
ActiveMQ in Action - http://www.manning.com/snyder/
Blog - http://www.nighttale.net


On Mon, Mar 8, 2010 at 6:07 PM, ee7arh <andrew.hurst@2e-systems.com> wrote:

>
> Hi,
>
> I have a broker application which needs to connect to another broker using
> fake certificates. Therefore I followed the instructions on the ActiveMQ
> website
> and created certificates and imported them as described in the tutorial:
>
> http://activemq.apache.org/how-do-i-use-ssl.html ActiveMQ SSL HowTo
>
> When I set system wide properties as follows, it works fine:
>
> javax.net.ssl.keyStore=/path/to/client.ks
> javax.net.ssl.keyStorePassword=password
> javax.net.ssl.trustStore=/path/to/client.ts
>
> However my broker also needs to connect using SSL in other unrelated parts
> of the application and since I have overridden the default keystores, I am
> having problems since I have overridden the default java keystore.
>
> In the tutorial it offers a solution on the broker side of things to get
> around this by using the "sslContext" property in the broker. However it
> does not offer a solution from the client's perspective.
>
> I tried downloading the 2nd patch from:
>
>  http://issues.apache.org/activemq/browse/AMQ-1754
>
> so that I can set the Keystore and Truststores on the factory level but
> this
> simply did not work. It looks like even though I override the
> ConnectionFactory, it is never used.
>
> I am setting up the following Beans from spring so that I can connect via
> Camel. Notice I have overridden the ActiveMQConnectionFactory with the
> patch:
>
> <bean id="sslConnectionFactory"
>       class="com.downloadedfrom.amq1754.ActiveMQSslConnectionFactoryx">
>     <property name="brokerURL"
>               value="failover:(ssl:remoteHostBroker:1818)?startupMaxReconnectAttempts=5&amp;initialReconnectDelay=1000&amp;useExponentialBackOff=true" />
>     <property name="userName" value="${jms.username}" />
>     <property name="password" value="${jms.password}" />
>     <property name="keyStore" value="../config/client.ks" />
>     <property name="keyStorePassword" value="password" />
>     <property name="trustStore" value="../config/client.ts" />
>     <property name="trustStorePassword" value="password" />
> </bean>
>
> <!-- Queue connection so that Camel can use the connection -->
> <bean id="myJmsComponent"
>       class="org.apache.activemq.camel.component.ActiveMQComponent">
>     <property name="connectionFactory">
>         <bean id="conxFactory"
>               factory-bean="sslConnectionFactory"
>               factory-method="getInstance" />
>     </property>
> </bean>
>
> I modified the patch slightly so that it can be instantiated from Spring,
> here is my modified version.
>
> http://old.nabble.com/file/p27824328/ActiveMQSslConnectionFactoryx.java
> ActiveMQSslConnectionFactoryx.java
>
>
> When I try to connect, I always get this error which indicates that the
> certificate is not found:
>
> Could not refresh JMS Connection for destination '2eQueue' - retrying in
> 5000 ms. Cause: sun.security.validator.ValidatorException: PKIX path
> building failed: sun.security.provider.certpath.SunCertPathBuilderException:
> unable to find valid certification path to requested target
>
>
> Does anyone have an idea how I can specify the trust and keystores on a
> specific connection rather than having to rely on the System wide
> properties?
>
> Thanks and BRegards
> Andrew
>
> --
> View this message in context:
> http://old.nabble.com/Client-side-SSL-with-specified-Key-and-Truststores-tp27824328p27824328.html
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>
>
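
Added example, not part of either message and not ActiveMQ or AMQ-1754 patch code: one way to scope the key and trust material from the question to a single connection using only JSSE, with the path and empty-store checks that the reply's question about store locations points to. The class name PerConnectionTls, the default paths and password (copied from the quoted Spring config), and a key password equal to the store password are assumptions; the hand-off to ActiveMQSslConnectionFactory.setKeyAndTrustManagers appears only as a comment so the block compiles without ActiveMQ on the classpath.

```java
import java.io.InputStream;
import java.nio.file.*;
import java.security.KeyStore;
import javax.net.ssl.*;

public class PerConnectionTls {  // hypothetical class name
    // Load a keystore file, resolving the path first: a relative path such as
    // ../config/client.ts depends on the JVM's working directory.
    static KeyStore load(String file, char[] password) throws Exception {
        Path p = Paths.get(file).toAbsolutePath().normalize();
        if (!Files.isReadable(p)) {
            throw new IllegalStateException("store not readable: " + p);
        }
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(p)) {
            ks.load(in, password);
        }
        if (ks.size() == 0) {  // an empty store loads without error, so check explicitly
            throw new IllegalStateException("store has no entries: " + p);
        }
        return ks;
    }

    // Build an SSLContext private to the caller; the javax.net.ssl.* system
    // properties and the JVM default context are not touched.
    static SSLContext context(String keyStore, String trustStore, char[] pw) throws Exception {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keyStore, pw), pw);  // assumes key password == store password
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustStore, pw));
        // With ActiveMQ on the classpath, the same arrays can be given to one
        // ActiveMQSslConnectionFactory instead of the whole JVM:
        //   factory.setKeyAndTrustManagers(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom());
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    public static void main(String[] args) throws Exception {
        // Assumed defaults: paths and password from the quoted Spring config.
        String ks = args.length > 0 ? args[0] : "../config/client.ks";
        String ts = args.length > 1 ? args[1] : "../config/client.ts";
        SSLContext ctx = context(ks, ts, "password".toCharArray());
        System.out.println("private context ready: " + ctx.getProtocol());
    }
}
```

If load() throws for either store, the absolute path in the exception message shows where the JVM actually looked for the file.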
