activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Claudio Corsi <clco...@yahoo.com>
Subject Re: SSL: could not load resource
Date Wed, 12 Dec 2012 21:54:36 GMT
I have created a patch for this issue and added it to the issue that you mentioned in this
email. 

The fix allows you to pass a store that is not a valid classpath entry or url string.



>________________________________
> From: Geurt Schimmel <GSchimmel@schubergphilis.com>
>To: "users@activemq.apache.org" <users@activemq.apache.org>; 'Claudio Corsi' <clcorsi@yahoo.com>

>Sent: Tuesday, December 11, 2012 5:35 PM
>Subject: RE: SSL: could not load resource
> 
>Disabling the keystore-code in the source and setting the values at runtime fixes the
problem, so don't think the problem is in the broker-configuration:
>
>    <sslContext>
>         <sslContext
>            keyStore="file:${activemq.conf}/broker.ks"
>            keyStorePassword="xxxxxxxxx"
>            trustStore="file:${activemq.conf}/client.ts"
>            trustStorePassword="xxxxxxxxx"/>
>    </sslContext>
>
>Snippet of Producer.java:
>
>import javax.jms.Connection;
>import javax.jms.Destination;
>import javax.jms.MessageProducer;
>import javax.jms.Session;
>import javax.jms.TextMessage;
>
>import org.apache.activemq.ActiveMQSslConnectionFactory;
>
>public class Producer {
>        private static String user = "guest";
>        private static String password = "password";
>
>        private static String url = "ssl://127.0.0.1:61616";
>        private static String subject = "GUEST.FOO";
>
>        public static void main(String[] args) throws Exception {
>                ActiveMQSslConnectionFactory connectionFactory = new ActiveMQSslConnectionFactory(url);
>
>                connectionFactory.setTrustStore("/opt/activemq/conf/client.ts");
>                connectionFactory.setTrustStorePassword("xxxxxxxx");
>
>And after removing setTrustStore() and setTrustStorePassword(), it works by setting trustStore
system properties:
>
>java -Djavax.net.ssl.trustStore=/opt/activemq/conf/client.ts -Djavax.net.ssl.trustStorePassword=xxxxxx
Producer
>
>For failover URIs, it's a known problem, not fixed in ActiveMQ 5.7:
>https://issues.apache.org/jira/browse/AMQ-3785
>
>But my problem is with a simple SSL URI in the broker-configuration:
><transportConnector name="openwire" uri="ssl://0.0.0.0:61616"/>
>
>
>-----Original Message-----
>From: Claudio Corsi [mailto:clcorsi@yahoo.com] 
>Sent: Tuesday, December 11, 2012 6:04 PM
>To: users@activemq.apache.org
>Subject: Re: SSL: could not load resource
>
>I do not doubt that you are using ssl but are you setting up the configuration using the
sslContext element within the configuration file?
>
>This allow you to set the key and trust store files and their required passwords.  
>
>for instance,
>
><amq:broker useJmx="false" persistent="false"> <amq:sslContext> <amq:sslContext 
keyStore="server.keystore" keyStorePassword="password" trustStore="client.keystore" trustStorePassword="password"/>
</amq:sslContext> <amq:transportConnectors> <amq:transportConnector uri="ssl://localhost:61616"
/>  </amq:transportConnectors> </amq:broker> 
>
>You can also use the technique where you scramble the password and then pass the key using
an environment variable.
>I do not know how this is done off the top my head but can look for a reference.
>
>
>
>>________________________________
>> From: Geurt Schimmel <GSchimmel@schubergphilis.com>
>>To: "users@activemq.apache.org" <users@activemq.apache.org>; 'Claudio 
>>Corsi' <clcorsi@yahoo.com>
>>Sent: Tuesday, December 11, 2012 11:23 AM
>>Subject: RE: SSL: could not load resource
>> 
>>All brokers run SSL as the only communication-protocol and intercommunicate over SSL.
>>
>>-----Original Message-----
>>From: Claudio Corsi [mailto:clcorsi@yahoo.com]
>>Sent: Tuesday, December 11, 2012 5:17 PM
>>To: users@activemq.apache.org
>>Subject: Re: SSL: could not load resource
>>
>>Did you try to use the sslContext element to set your store information withint he
broker configuration file?
>>
>>Here is a link http://activemq.apache.org/how-do-i-use-ssl.html.
>>
>>
>>
>>>________________________________
>>> From: Geurt Schimmel <GSchimmel@schubergphilis.com>
>>>To: "users@activemq.apache.org" <users@activemq.apache.org>
>>>Sent: Tuesday, December 11, 2012 9:54 AM
>>>Subject: RE: SSL: could not load resource
>>> 
>>>Created key- and truststores for a number of brokers, so not using the packaged
.ks and .ts files.
>>>
>>>Tried different truststores in different locations, tried a path to a truststore
that didn't exist, just to see what happens. In all cases, the same error. Apparently, the
point where the keystore is accessed is not reached. Setting the same variables/values in
JAVA_OPTS works:
>>>
>>>java -Djavax.net.ssl.trustStore=/opt/activemq/conf/client.ts
>>>-Djavax.net.ssl.trustStorePassword=xxxxxxxx Producer
>>>
>>>-----Original Message-----
>>>From: Christian Posta [mailto:christian.posta@gmail.com]
>>>Sent: Tuesday, December 11, 2012 3:41 PM
>>>To: users@activemq.apache.org
>>>Subject: Re: SSL: could not load resource
>>>
>>>Is the client truststore in that location?  /opt/activemq/conf/client.ts I think
there was some issues with packaging activemq 5.7 and some of the client keystores might have
been missing.
>>>
>>>You'll have to copy from the 5.6.0 version
>>>
>>>
>>>
>>>
>>>On Tue, Dec 11, 2012 at 7:05 AM, Geurt Schimmel < GSchimmel@schubergphilis.com>
wrote:
>>>
>>>> Hi,
>>>>
>>>> My broker is running SSL only, with a 'simple' transportConnector:
>>>>      <transportConnector name="openwire" uri="ssl://0.0.0.0:61616"/>
>>>>
>>>> When trying to run a java-client:
>>>>
>>>> Exception in thread "main" javax.jms.JMSException: Could not create 
>>>>Transport. Reason: java.io.IOException: Could not load resource:
>>>> /opt/activemq/conf/client.ts
>>>>                 at
>>>> 
>>>>org.apache.activemq.util.JMSExceptionSupport.create(JMSExceptionSuppo
>>>>r
>>>>t.java:35)
>>>>                 at
>>>> 
>>>>org.apache.activemq.ActiveMQSslConnectionFactory.createTransport(Acti
>>>>v
>>>>eMQSslConnectionFactory.java:115)
>>>>                 at
>>>> 
>>>>org.apache.activemq.ActiveMQConnectionFactory.createActiveMQConnectio
>>>>n
>>>>(ActiveMQConnectionFactory.java:277)
>>>>                 at
>>>> 
>>>>org.apache.activemq.ActiveMQConnectionFactory.createConnection(Active
>>>>M
>>>>QConnectionFactory.java:202)
>>>>                 at Producer.main(Producer.java:32) Caused by: 
>>>> java.io.IOException: Could not load resource:
>>>> /opt/activemq/conf/client.ts
>>>>                 at
>>>> 
>>>>org.apache.activemq.ActiveMQSslConnectionFactory.getUrlOrResourceAsSt
>>>>r
>>>>eam(ActiveMQSslConnectionFactory.java:188)
>>>>                 at
>>>> 
>>>>org.apache.activemq.ActiveMQSslConnectionFactory.createTrustManager(A
>>>>c
>>>>tiveMQSslConnectionFactory.java:126)
>>>>                 at
>>>> 
>>>>org.apache.activemq.ActiveMQSslConnectionFactory.createTransport(Acti
>>>>v
>>>>eMQSslConnectionFactory.java:108)
>>>>                 ... 3 more
>>>>
>>>> Removed the java-code that deals with the truststore and moved the 
>>>> functionality  to JAVA_OPTS, but this is not what I want/expected.
>>>> Using  activemq-all-5.7-SNAPSHOT.jar.
>>>>
>>>> Thought this problem only occurs when using an SSL failover URI ?
>>>>
>>>> Thanks,
>>>> Geurt
>>>>
>>>
>>>
>>>
>>>--
>>>*Christian Posta*
>>>http://www.christianposta.com/blog
>>>twitter: @christianposta
>>>
>>>
>>>
>>
>>
>>
>
>
>
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message