activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From manua <agarwal.m...@gmail.com>
Subject Unable to connect to broker over ssl
Date Mon, 14 Nov 2011 22:18:27 GMT
Hi,

I have setup the ssl in the broker as follows,


<sslContext>
            <sslContext keyStore="file:${activemq.base}/conf/broker.ks" 
              keyStorePassword="password"
trustStore="file:${activemq.base}/conf/broker.ts" 
              trustStorePassword="password"/>
</sslContext>

And specified he transport connector as, 

<transportConnector name="ssl" uri="ssl://0.0.0.0:443"/>

With this configuraton broker starts, but when I connect to it using a java
consumer as,

ActiveMQConnectionFactory factory = 
                new ActiveMQConnectionFactory("ssl://<server-ip>:443");

I got the error, 

Could not connect to broker URL: ssl://<server-ip>:443. Reason:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target

And in the activemq logs, it says,

ERROR | Could not accept connection : javax.net.ssl.SSLHandshakeException:
Received fatal alert: certificate_unknown

I have followed the steps specified in
http://activemq.apache.org/how-do-i-use-ssl.html, to generate and register
the certificate.
Also, set the
SSL_OPTS=-Djavax.net.ssl.keyStore=MessageBrokerRoot/conf/broker.ks.

But still getting the same error.

How can I set the,

javax.net.ssl.keyStore=/path/to/client.ks
javax.net.ssl.keyStorePassword=password
javax.net.ssl.trustStore=/path/to/client.ts

And do I need to do any thing different at the client side, while connecting
instead of changing url form tcp to ssl.

Let me know your inputs.

Thanks
Manu




--
View this message in context: http://activemq.2283324.n4.nabble.com/Unable-to-connect-to-broker-over-ssl-tp4041082p4041082.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.

Mime
View raw message