activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Geurt Schimmel <GSchim...@schubergphilis.com>
Subject RE: SSL: could not load resource
Date Tue, 11 Dec 2012 22:35:58 GMT
Disabling the keystore-code in the source and setting the values at runtime fixes the problem,
so don't think the problem is in the broker-configuration:

    <sslContext>
         <sslContext
            keyStore="file:${activemq.conf}/broker.ks"
            keyStorePassword="xxxxxxxxx"
            trustStore="file:${activemq.conf}/client.ts"
            trustStorePassword="xxxxxxxxx"/>
    </sslContext>

Snippet of Producer.java:

import javax.jms.Connection;
import javax.jms.Destination;
import javax.jms.MessageProducer;
import javax.jms.Session;
import javax.jms.TextMessage;

import org.apache.activemq.ActiveMQSslConnectionFactory;

public class Producer {
        private static String user = "guest";
        private static String password = "password";

        private static String url = "ssl://127.0.0.1:61616";
        private static String subject = "GUEST.FOO";

        public static void main(String[] args) throws Exception {
                ActiveMQSslConnectionFactory connectionFactory = new ActiveMQSslConnectionFactory(url);

                connectionFactory.setTrustStore("/opt/activemq/conf/client.ts");
                connectionFactory.setTrustStorePassword("xxxxxxxx");

And after removing setTrustStore() and setTrustStorePassword(), it works by setting trustStore
system properties:

java -Djavax.net.ssl.trustStore=/opt/activemq/conf/client.ts -Djavax.net.ssl.trustStorePassword=xxxxxx
Producer

For failover URIs, it's a known problem, not fixed in ActiveMQ 5.7:
https://issues.apache.org/jira/browse/AMQ-3785

But my problem is with a simple SSL URI in the broker-configuration:
<transportConnector name="openwire" uri="ssl://0.0.0.0:61616"/>


-----Original Message-----
From: Claudio Corsi [mailto:clcorsi@yahoo.com] 
Sent: Tuesday, December 11, 2012 6:04 PM
To: users@activemq.apache.org
Subject: Re: SSL: could not load resource

I do not doubt that you are using ssl but are you setting up the configuration using the sslContext
element within the configuration file?

This allow you to set the key and trust store files and their required passwords.  

for instance,

<amq:broker useJmx="false" persistent="false"> <amq:sslContext> <amq:sslContext
 keyStore="server.keystore" keyStorePassword="password" trustStore="client.keystore" trustStorePassword="password"/>
</amq:sslContext> <amq:transportConnectors> <amq:transportConnector uri="ssl://localhost:61616"
/>  </amq:transportConnectors> </amq:broker> 

You can also use the technique where you scramble the password and then pass the key using
an environment variable.
I do not know how this is done off the top my head but can look for a reference.



>________________________________
> From: Geurt Schimmel <GSchimmel@schubergphilis.com>
>To: "users@activemq.apache.org" <users@activemq.apache.org>; 'Claudio 
>Corsi' <clcorsi@yahoo.com>
>Sent: Tuesday, December 11, 2012 11:23 AM
>Subject: RE: SSL: could not load resource
> 
>All brokers run SSL as the only communication-protocol and intercommunicate over SSL.
>
>-----Original Message-----
>From: Claudio Corsi [mailto:clcorsi@yahoo.com]
>Sent: Tuesday, December 11, 2012 5:17 PM
>To: users@activemq.apache.org
>Subject: Re: SSL: could not load resource
>
>Did you try to use the sslContext element to set your store information withint he broker
configuration file?
>
>Here is a link http://activemq.apache.org/how-do-i-use-ssl.html.
>
>
>
>>________________________________
>> From: Geurt Schimmel <GSchimmel@schubergphilis.com>
>>To: "users@activemq.apache.org" <users@activemq.apache.org>
>>Sent: Tuesday, December 11, 2012 9:54 AM
>>Subject: RE: SSL: could not load resource
>> 
>>Created key- and truststores for a number of brokers, so not using the packaged .ks
and .ts files.
>>
>>Tried different truststores in different locations, tried a path to a truststore that
didn't exist, just to see what happens. In all cases, the same error. Apparently, the point
where the keystore is accessed is not reached. Setting the same variables/values in JAVA_OPTS
works:
>>
>>java -Djavax.net.ssl.trustStore=/opt/activemq/conf/client.ts
>>-Djavax.net.ssl.trustStorePassword=xxxxxxxx Producer
>>
>>-----Original Message-----
>>From: Christian Posta [mailto:christian.posta@gmail.com]
>>Sent: Tuesday, December 11, 2012 3:41 PM
>>To: users@activemq.apache.org
>>Subject: Re: SSL: could not load resource
>>
>>Is the client truststore in that location?  /opt/activemq/conf/client.ts I think
there was some issues with packaging activemq 5.7 and some of the client keystores might have
been missing.
>>
>>You'll have to copy from the 5.6.0 version
>>
>>
>>
>>
>>On Tue, Dec 11, 2012 at 7:05 AM, Geurt Schimmel < GSchimmel@schubergphilis.com>
wrote:
>>
>>> Hi,
>>>
>>> My broker is running SSL only, with a 'simple' transportConnector:
>>>      <transportConnector name="openwire" uri="ssl://0.0.0.0:61616"/>
>>>
>>> When trying to run a java-client:
>>>
>>> Exception in thread "main" javax.jms.JMSException: Could not create 
>>>Transport. Reason: java.io.IOException: Could not load resource:
>>> /opt/activemq/conf/client.ts
>>>                 at
>>> 
>>>org.apache.activemq.util.JMSExceptionSupport.create(JMSExceptionSuppo
>>>r
>>>t.java:35)
>>>                 at
>>> 
>>>org.apache.activemq.ActiveMQSslConnectionFactory.createTransport(Acti
>>>v
>>>eMQSslConnectionFactory.java:115)
>>>                 at
>>> 
>>>org.apache.activemq.ActiveMQConnectionFactory.createActiveMQConnectio
>>>n
>>>(ActiveMQConnectionFactory.java:277)
>>>                 at
>>> 
>>>org.apache.activemq.ActiveMQConnectionFactory.createConnection(Active
>>>M
>>>QConnectionFactory.java:202)
>>>                 at Producer.main(Producer.java:32) Caused by: 
>>> java.io.IOException: Could not load resource:
>>> /opt/activemq/conf/client.ts
>>>                 at
>>> 
>>>org.apache.activemq.ActiveMQSslConnectionFactory.getUrlOrResourceAsSt
>>>r
>>>eam(ActiveMQSslConnectionFactory.java:188)
>>>                 at
>>> 
>>>org.apache.activemq.ActiveMQSslConnectionFactory.createTrustManager(A
>>>c
>>>tiveMQSslConnectionFactory.java:126)
>>>                 at
>>> 
>>>org.apache.activemq.ActiveMQSslConnectionFactory.createTransport(Acti
>>>v
>>>eMQSslConnectionFactory.java:108)
>>>                 ... 3 more
>>>
>>> Removed the java-code that deals with the truststore and moved the 
>>> functionality  to JAVA_OPTS, but this is not what I want/expected.
>>> Using  activemq-all-5.7-SNAPSHOT.jar.
>>>
>>> Thought this problem only occurs when using an SSL failover URI ?
>>>
>>> Thanks,
>>> Geurt
>>>
>>
>>
>>
>>--
>>*Christian Posta*
>>http://www.christianposta.com/blog
>>twitter: @christianposta
>>
>>
>>
>
>
>

Mime
View raw message