activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Timothy Bish <tabish...@gmail.com>
Subject Re: setting up c++ client app using CMS using SSL client certificate auth
Date Sat, 07 Sep 2013 14:15:23 GMT
On 09/07/2013 08:00 AM, yuanbatou wrote:
> Thank you very much for your reply.
>
> I exported a certificate from broker's keystore and converted it to pem
> format using the following command:
>
>      $ keytool -importkeystore -srckeystore broker.ks -destkeystore
> broker_cert.p12 -srcstoretype jks -deststoretype pkcs12
>      $ openssl pkcs12 -in broker_cert.p12 -out client_ts.pem
>
> and used client_ts.pem on the client side as trust store, the code is
> something like:
>
>      decaf::lang::System::setProperty( "decaf.net.ssl.trustStore",
> "client_ts.pem" );
>
> but when I tried to connect to broker, I received this error from the client
> side:
>
>      Error: Error occurred while accessing an OpenSSL library method:
>      error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal
> error
>
> The following message showed in the activeMQ broker's log:
>
>      2013-09-07 04:43:43,080 | ERROR | Could not accept connection from
> tcp://192.168.209.1:22616: javax.net.ssl.SSLException: Connection has been
> shutdown: javax.net.ssl.SSLException: java.security.ProviderException:
> sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID |
> org.apache.activemq.broker.TransportConnector | ActiveMQ
> BrokerService[test_all_interface] Task-3
>
> Does this mean that my pem file is still wrong?
>
>
>
> --
> View this message in context: http://activemq.2283324.n4.nabble.com/setting-up-c-client-app-using-CMS-using-SSL-client-certificate-auth-tp4664686p4671281.html
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>
One of the first things to do is to enable the Java SSL debug mode on 
the broker side and see what is going on.

-Djavax.net.debug=ssl

-- 
Tim Bish
Sr Software Engineer | RedHat Inc.
tim.bish@redhat.com | www.fusesource.com | www.redhat.com
skype: tabish121 | twitter: @tabish121
blog: http://timbish.blogspot.com/


Mime
View raw message