activemq-users mailing list archives

From Gary Tully <gary.tu...@gmail.com>
Subject Re: Unable to connect to broker over ssl
Date Tue, 15 Nov 2011 12:39:16 GMT
To easily set the trust stores etc., use:
http://activemq.apache.org/maven/5.5.0/activemq-core/apidocs/org/apache/activemq/ActiveMQSslConnectionFactory.html

On 14 November 2011 22:18, manua <agarwal.manu@gmail.com> wrote:
> Hi,
>
> I have set up the ssl in the broker as follows,
>
>
> <sslContext>
>     <sslContext keyStore="file:${activemq.base}/conf/broker.ks"
>                 keyStorePassword="password"
>                 trustStore="file:${activemq.base}/conf/broker.ts"
>                 trustStorePassword="password"/>
> </sslContext>
>
> And specified the transport connector as,
>
> <transportConnector name="ssl" uri="ssl://0.0.0.0:443"/>
>
> With this configuration the broker starts, but when I connect to it using a java
> consumer as,
>
> ActiveMQConnectionFactory factory =
>                new ActiveMQConnectionFactory("ssl://<server-ip>:443");
>
> I got the error,
>
> Could not connect to broker URL: ssl://<server-ip>:443. Reason:
> javax.net.ssl.SSLHandshakeException:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target
>
> And in the activemq logs, it says,
>
> ERROR | Could not accept connection : javax.net.ssl.SSLHandshakeException:
> Received fatal alert: certificate_unknown
>
> I have followed the steps specified in
> http://activemq.apache.org/how-do-i-use-ssl.html, to generate and register
> the certificate.
> Also, set the
> SSL_OPTS=-Djavax.net.ssl.keyStore=MessageBrokerRoot/conf/broker.ks.
>
> But still getting the same error.
>
> How can I set the,
>
> javax.net.ssl.keyStore=/path/to/client.ks
> javax.net.ssl.keyStorePassword=password
> javax.net.ssl.trustStore=/path/to/client.ts
>
> And do I need to do anything different at the client side, while connecting
> instead of changing url from tcp to ssl.
>
> Let me know your inputs.
>
> Thanks
> Manu
>
>
>
>
> --
> View this message in context: http://activemq.2283324.n4.nabble.com/Unable-to-connect-to-broker-over-ssl-tp4041082p4041082.html
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>



-- 
http://fusesource.com
http://blog.garytully.com
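
As an added example (not part of the reply above or of the ActiveMQ project's own code): a Java client that uses the linked `ActiveMQSslConnectionFactory` to set the client trust store and key store in code rather than through `javax.net.ssl.*` system properties. The broker host, the `CLIENT_STORE_PASSWORD` environment variable and the class name are assumptions; the store locations are the placeholder paths from the question, written as `file:` URLs.

```java
import javax.jms.Connection;
import javax.jms.JMSException;
import javax.net.ssl.SSLHandshakeException;
import org.apache.activemq.ActiveMQSslConnectionFactory;

public class SslClientExample {
    // Assumed placeholders: replace with the real broker address and store locations.
    static final String BROKER_URL = "ssl://broker.example.invalid:443";
    static final String TRUST_STORE = "file:///path/to/client.ts"; // must hold the broker's certificate
    static final String KEY_STORE = "file:///path/to/client.ks";   // the client's own key pair

    static ActiveMQSslConnectionFactory buildFactory(String storePassword) throws Exception {
        ActiveMQSslConnectionFactory factory = new ActiveMQSslConnectionFactory();
        factory.setBrokerURL(BROKER_URL);
        // Trust store: decides whether the broker's certificate is accepted.
        factory.setTrustStore(TRUST_STORE);
        factory.setTrustStorePassword(storePassword);
        // Key store: presented to the broker if it requests a client certificate.
        factory.setKeyStore(KEY_STORE);
        factory.setKeyStorePassword(storePassword);
        return factory;
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical variable name; keeps the password out of source and command line.
        String storePassword = System.getenv("CLIENT_STORE_PASSWORD");
        if (storePassword == null) {
            throw new IllegalStateException("CLIENT_STORE_PASSWORD is not set");
        }
        Connection connection = null;
        try {
            connection = buildFactory(storePassword).createConnection();
            connection.start();
            System.out.println("TLS handshake completed with " + BROKER_URL);
        } catch (JMSException e) {
            // Walk the cause chain to separate TLS trust failures from other errors.
            for (Throwable t = e; t != null; t = t.getCause()) {
                if (t instanceof SSLHandshakeException) {
                    System.err.println("Handshake failed; check that " + TRUST_STORE
                            + " contains the broker certificate: " + t.getMessage());
                }
            }
            throw e;
        } finally {
            if (connection != null) {
                connection.close();
            }
        }
    }
}
```

The `PKIX path building failed` error quoted in the question is raised on the client when its trust store has no entry that validates the broker's certificate, so the trust store settings are the ones that matter for that error.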
