activemq-users mailing list archives

From "Alistair Young" <Alistair.Yo...@uhi.ac.uk>
Subject Re: SSL without the JAVA_OPTS
Date Fri, 13 Jul 2012 15:43:01 GMT
Aha, seems it's already on the radar. Failover URI masks out SSL URI. Workaround is to force
it to use the keystore and truststore via Java OPTS.

http://activemq.2283324.n4.nabble.com/jira-Created-AMQ-3785-ActiveMQSslConnectionFactory-does-not-detect-ssl-request-in-failover-URIs-whens-td4501530.html

Alistair


mov eax,1
mov ebx,0
int 80h
>>> "Alistair Young"  13/07/12 4:32 PM >>>
The problem is with failover SSL. Using ssl://localhost:61617 works fine with ActiveMQSslConnectionFactory
and client auth.

failover:(ssl://localhost:61617) or failover:ssl://localhost:61617 breaks ActiveMQSslConnectionFactory
in that the keystore and truststore set in it are ignored and you have to use the Java OPTS
to get the connection to work.

Is this how it's meant to work?

Alistair



mov eax,1
mov ebx,0
int 80h

>>> "Alistair Young"  13/07/12 1:46 PM >>>
Not sure about this one but it's weird. If I use this code in a unit test against an embedded
SslBrokerService with client authentication enabled:

connectionFactory.setKeyStore(keystorePath);
connectionFactory.setKeyStorePassword(keystorePassword);
connectionFactory.setTrustStore(truststorePath);
connectionFactory.setTrustStorePassword(truststorePassword);
connectionFactory.createConnection();

it works fine. If I use the exact same code from a Tomcat webapp, connectionFactory seems
to ignore both the keystore and the truststore and instead I have to set these:

javax.net.ssl.keyStore
javax.net.ssl.trustStore
etc

otherwise I get 'certificate_unknown' at the broker.

Is there any explanation for this?

thanks,

Alistair



mov eax,1
mov ebx,0
int 80h
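
The workaround described in this thread, as an added example that is not part of the original messages or ActiveMQ's own code: set the stores on the factory as usual and, when the broker URI is a failover composite wrapping ssl://, also set the JVM-wide javax.net.ssl properties. The class name, method names and the argument order in main are hypothetical.

```java
import javax.jms.Connection;
import org.apache.activemq.ActiveMQSslConnectionFactory;

public class FailoverSslClient {

    // True when the URI is a failover composite that wraps an ssl:// transport,
    // the case reported in this thread as ignoring the factory's own stores.
    static boolean isFailoverOverSsl(String brokerUri) {
        String u = brokerUri.trim().toLowerCase();
        return u.startsWith("failover:") && u.contains("ssl://");
    }

    // JVM-wide fallback: these properties feed the default JSSE context,
    // so they affect every TLS client in the same JVM, not just this factory.
    static void applyJvmWideStores(String ks, String ksPass, String ts, String tsPass) {
        System.setProperty("javax.net.ssl.keyStore", ks);
        System.setProperty("javax.net.ssl.keyStorePassword", ksPass);
        System.setProperty("javax.net.ssl.trustStore", ts);
        System.setProperty("javax.net.ssl.trustStorePassword", tsPass);
    }

    static Connection connect(String brokerUri, String ks, String ksPass,
                              String ts, String tsPass) throws Exception {
        ActiveMQSslConnectionFactory factory = new ActiveMQSslConnectionFactory(brokerUri);
        // Per-factory settings: honoured for a plain ssl:// URI.
        factory.setKeyStore(ks);
        factory.setKeyStorePassword(ksPass);
        factory.setTrustStore(ts);
        factory.setTrustStorePassword(tsPass);
        if (isFailoverOverSsl(brokerUri)) {
            // Must run before anything in the JVM initialises the default
            // SSL context, otherwise the properties are read too late.
            applyJvmWideStores(ks, ksPass, ts, tsPass);
        }
        return factory.createConnection();
    }

    public static void main(String[] args) throws Exception {
        // Hypothetical argument order: uri keystore ksPass truststore tsPass
        Connection c = connect(args[0], args[1], args[2], args[3], args[4]);
        try {
            c.start(); // client-auth handshake happens here; a wrong store fails at this point
        } finally {
            c.close();
        }
    }
}
```

In a shared container such as Tomcat the default SSL context may already be initialised by other code, in which case the properties only take effect when passed as JVM options at startup. Passwords given as -D options are visible in the process listing, so restrict access to the host and the startup scripts accordingly.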


