Aha, seems it's already on the radar. Failover URI masks out SSL URI. Workaround is to force it to use the keystore and truststore via Java OPTS.

http://activemq.2283324.n4.nabble.com/jira-Created-AMQ-3785-ActiveMQSslConnectionFactory-does-not-detect-ssl-request-in-failover-URIs-whens-td4501530.html

Alistair



mov eax,1
mov ebx,0
int 80h

>>> "Alistair Young" 13/07/12 4:32 PM >>>
The problem is with failover SSL. Using ssl://localhost:61617 works fine with ActiveMQSslConnectionFactory and client auth.

failover:(ssl://localhost:61617) or failover:ssl://localhost:61617 breaks ActiveMQSslConnectionFactory in that the keystore and truststore set in it are ignored and you have to use the Java OPTS to get the connection to work.

Is this how it's meant to work?

Alistair




>>> "Alistair Young" 13/07/12 1:46 PM >>>
Not sure about this one but it's weird. If I use this code in a unit test against an embedded SslBrokerService with client authentication enabled:

connectionFactory.setKeyStore(keystorePath);
connectionFactory.setKeyStorePassword(keystorePassword);
connectionFactory.setTrustStore(truststorePath);
connectionFactory.setTrustStorePassword(truststorePassword);
connectionFactory.createConnection();

it works fine. If I use the exact same code from a Tomcat webapp, connectionFactory seems to ignore both the keystore and the truststore and instead I have to set these:

javax.net.ssl.keyStore
javax.net.ssl.trustStore
etc

otherwise I get 'certificate_unknown' at the broker.

Is there any explanation for this?

thanks,

Alistair



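
The workaround described in this thread, as an added example (not code from the thread or from the ActiveMQ project). The class, method and parameter names are hypothetical, and the two password property names are the standard JSSE ones assumed to be what "etc" refers to.

```java
import javax.jms.Connection;
import org.apache.activemq.ActiveMQSslConnectionFactory;

// Hypothetical helper, not part of ActiveMQ: picks where the key material
// is configured depending on whether the broker URI uses failover.
public class FailoverSslWorkaround {

    // True for the two URI forms reported in the thread:
    // failover:(ssl://localhost:61617) and failover:ssl://localhost:61617
    static boolean isFailover(String brokerUri) {
        return brokerUri.trim().startsWith("failover:");
    }

    static Connection connect(String brokerUri,
                              String keystorePath, String keystorePassword,
                              String truststorePath, String truststorePassword)
            throws Exception {
        ActiveMQSslConnectionFactory factory =
                new ActiveMQSslConnectionFactory(brokerUri);

        if (isFailover(brokerUri)) {
            // Workaround from the thread: the stores set on the factory are
            // ignored behind failover, so fall back to the JSSE defaults.
            // These properties are JVM-wide: every TLS client in the same
            // JVM (other webapps in the same Tomcat included) presents this
            // client certificate and trusts this truststore. JSSE reads them
            // when the default SSLContext is first created, so set them
            // before any TLS connection is made, or pass them as -D options
            // at JVM startup instead.
            System.setProperty("javax.net.ssl.keyStore", keystorePath);
            System.setProperty("javax.net.ssl.keyStorePassword", keystorePassword);
            System.setProperty("javax.net.ssl.trustStore", truststorePath);
            System.setProperty("javax.net.ssl.trustStorePassword", truststorePassword);
        } else {
            // Plain ssl:// URI: per-factory stores work, so the key material
            // stays scoped to this connection factory only.
            factory.setKeyStore(keystorePath);
            factory.setKeyStorePassword(keystorePassword);
            factory.setTrustStore(truststorePath);
            factory.setTrustStorePassword(truststorePassword);
        }
        return factory.createConnection();
    }
}
```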