activemq-users mailing list archives

From darkrwe <>
Subject Re: setting up c++ client app using CMS using SSL client certificate auth
Date Thu, 07 Nov 2013 17:12:28 GMT
Hi Tim,
thank you for your answer.
I installed Oracle JDK 7 and now I don't get the problems below.
Now I just want to summarize what I do, because my PEM file is problematic
on the client side.
Maybe there is another configuration I could have missed.

> I'm getting below error on the client side (ubuntu 13.04 -same machine
> with 
> the client) 
> Error occurred while accessing an OpenSSL library method: 
> error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal 
> error 
> I'm also getting below error from broker side (ubuntu 13.04 -same machine 
> with the client) 
> 2013-11-07 12:04:22,244 | ERROR | Could not accept connection from 
> tcp:// 
> | ActiveMQ 
> BrokerService[localhost] Task-3 

*But now I get these errors from the client:*
*Error occurred while accessing an OpenSSL library method:
error:0906D06C:PEM routines:PEM_read_bio:no start line
error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib*

*I use the configuration below in my CMS client:*
I also enabled SSL in ActiveMQ (installed OpenSSL and added the proper prefix to
the ActiveMQ installation).
 decaf::lang::System::setProperty( "",
"/pathToPem/Broker.pem" );
 url ="ssl://localhost:61617";

On the broker side I have done the configurations below:
*In activemq.xml:*

            keyStore="broker.ks" keyStorePassword="123456" 
            trustStore="client.ks" trustStorePassword="123456"/>
         <transportConnector name="ssl"
uri="ssl://localhost:61617?needClientAuth=true" />
         <transportConnector name="openwire" uri="tcp://  
         <transportConnector name="amqp"

*I also export the SSL_OPTS environment parameter before starting the
$ export SSL_OPTS="" 

Below are the commands for generating the keystores and certificates:
$ keytool -genkey -alias broker -keyalg RSA -keystore broker.ks
$ keytool -export -alias broker -keystore broker.ks -file broker_cert
$ keytool -genkey -alias client -keyalg RSA -keystore client.ks
$ keytool -import -alias broker -keystore client.ts -file broker_cert
$ keytool -export -alias client -keystore client.ks -file client_cert
$ keytool -import -alias client -keystore broker.ts -file client_cert

*I have converted the cert files to PEM files using the commands below:*
$ keytool -importkeystore -srckeystore broker.ks -destkeystore broker_cert.p12 -srcstoretype jks -deststoretype pkcs12
$ openssl pkcs12 -in broker_cert.p12 -out Broker.pem
$ keytool -importkeystore -srckeystore client.ks -destkeystore client_cert.p12 -srcstoretype jks -deststoretype pkcs12
$ openssl pkcs12 -in client_cert.p12 -out Client.pem

Is there anything that I missed, or a wrong configuration on the client or
broker side?

Thanks a lot.
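
An added example, not part of the original post: `PEM_read_bio:no start line` is what OpenSSL reports when the file it reads contains no PEM block of the type it expects, so this checker lists which blocks a file such as the `Broker.pem` written by `openssl pkcs12` actually holds and whether a key in it is passphrase-protected. The function names are hypothetical and the sample input is constructed.

```python
import base64
import re

# One PEM block; text outside blocks (e.g. "Bag Attributes") is skipped.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def inspect_pem(text):
    """Return (label, encrypted, payload_ok) for every PEM block in text."""
    blocks = []
    for label, body in PEM_BLOCK.findall(text):
        lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
        # Legacy encrypted keys put "Proc-Type"/"DEK-Info" headers before the base64.
        headers = [ln for ln in lines if ":" in ln]
        payload = "".join(ln for ln in lines if ":" not in ln)
        encrypted = "ENCRYPTED" in label or any(
            h.startswith("Proc-Type:") and "ENCRYPTED" in h for h in headers)
        try:
            base64.b64decode(payload, validate=True)
            payload_ok = bool(payload)
        except ValueError:  # binascii.Error is a ValueError
            payload_ok = False
        blocks.append((label, encrypted, payload_ok))
    return blocks

def findings(text):
    """List problems a loader expecting key + certificate in one file would hit."""
    blocks = inspect_pem(text)
    keys = [b for b in blocks if b[0].endswith("PRIVATE KEY")]
    out = []
    if not blocks:
        out.append("no PEM block found")
    elif not keys:
        out.append("no private key block")
    if not any(b[0] == "CERTIFICATE" for b in blocks):
        out.append("no certificate block")
    out += [f"{b[0]}: passphrase needed" for b in keys if b[1]]
    out += [f"{b[0]}: payload is not valid base64" for b in blocks if not b[2]]
    return out

# Constructed sample shaped like `openssl pkcs12 -in x.p12 -out x.pem` output.
_B64 = base64.b64encode(b"constructed bytes, not real key material").decode()
SAMPLE = (
    "Bag Attributes\n    friendlyName: broker\n"
    f"-----BEGIN ENCRYPTED PRIVATE KEY-----\n{_B64}\n-----END ENCRYPTED PRIVATE KEY-----\n"
    "Bag Attributes\n    friendlyName: broker\n"
    f"-----BEGIN CERTIFICATE-----\n{_B64}\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(inspect_pem(SAMPLE), findings(SAMPLE))
```

To check a real file, pass its contents to `findings()`; an empty list means a key block and a certificate block are both present and unencrypted.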