activemq-users mailing list archives

From darkrwe <emini...@gmail.com>
Subject Re: setting up c++ client app using CMS using SSL client certificate auth
Date Thu, 07 Nov 2013 17:12:28 GMT
Hi Tim,
Thank you for the answer.
I installed Oracle JDK 7 and now I don't get the problems below.
Now I just want to summarize what I did, because my PEM file is problematic
on the client side.
Maybe there is another configuration I could have missed.

> I'm getting below error on the client side (ubuntu 13.04 -same machine
> with 
> the client) 
> Error occurred while accessing an OpenSSL library method: 
> error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal 
> error 
> 
> I'm also getting below error from broker side (ubuntu 13.04 -same machine 
> with the client) 
> 2013-11-07 12:04:22,244 | ERROR | Could not accept connection from 
> tcp://127.0.0.1:55751: javax.net.ssl.SSLException: 
> java.security.ProviderException: 
> sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID | 
> org.apache.activemq.broker.TransportConnector | ActiveMQ 
> BrokerService[localhost] Task-3 

*But now I get these errors from the client:*
*Error occurred while accessing an OpenSSL library method:
error:0906D06C:PEM routines:PEM_read_bio:no start line
error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib*


*I use the configuration below in my CMS client:*
I also enabled SSL in ActiveMQ (installed OpenSSL and added the proper prefix
to the ActiveMQ installation).
 activemq::library::ActiveMQCPP::initializeLibrary();
 decaf::lang::System::setProperty("decaf.net.ssl.keyStore", "/pathToPem/Client.pem");
 decaf::lang::System::setProperty("decaf.net.ssl.keyStorePassword", "123456");
 decaf::lang::System::setProperty("decaf.net.ssl.trustStore", "/pathToPem/Broker.pem");
 url = "ssl://localhost:61617";

On the broker side I have done the configuration below:
*In activemq.xml:*

    <sslContext>
        <sslContext
            keyStore="broker.ks" keyStorePassword="123456" 
            trustStore="client.ks" trustStorePassword="123456"/>
    </sslContext>
    <transportConnectors>
         <transportConnector name="ssl" uri="ssl://localhost:61617?needClientAuth=true" />
         <transportConnector name="openwire" uri="tcp://0.0.0.0:61616?maximumConnections=1000&amp;wireformat.maxFrameSize=104857600"/>
         <transportConnector name="amqp" uri="amqp://0.0.0.0:5672?maximumConnections=1000&amp;wireformat.maxFrameSize=104857600"/>
    </transportConnectors>

*I also export the SSL_OPTS environment parameter before starting the broker:*
$ export SSL_OPTS="-Djavax.net.ssl.keyStore=/pathTobrokerks/broker.ks -Djavax.net.ssl.keyStorePassword=123456 -Djavax.net.ssl.trustStore=/pathTobrokerts/broker.ts"

Below are the commands for generating the keystores and certificates:
$ keytool -genkey -alias broker -keyalg RSA -keystore broker.ks
$ keytool -export -alias broker -keystore broker.ks -file broker_cert
$ keytool -genkey -alias client -keyalg RSA -keystore client.ks
$ keytool -import -alias broker -keystore client.ts -file broker_cert
$ keytool -export -alias client -keystore client.ks -file client_cert
$ keytool -import -alias client -keystore broker.ts -file client_cert

*I have converted the cert files to PEM files using the commands below:*
$ keytool -importkeystore -srckeystore broker.ks -destkeystore broker_cert.p12 -srcstoretype jks -deststoretype pkcs12
$ openssl pkcs12 -in broker_cert.p12 -out Broker.pem
$ keytool -importkeystore -srckeystore client.ks -destkeystore client_cert.p12 -srcstoretype jks -deststoretype pkcs12
$ openssl pkcs12 -in client_cert.p12 -out Client.pem

Is there anything that I missed, or a wrong configuration on the client or
broker side?

Thanks a lot.

--
View this message in context: http://activemq.2283324.n4.nabble.com/setting-up-c-client-app-using-CMS-using-SSL-client-certificate-auth-tp4664686p4674024.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
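
Added example, not part of the original message and not ActiveMQ-CPP code: the "PEM_read_bio:no start line" error above is reported under SSL_CTX_use_PrivateKey_file, so this stand-alone C++ check lists which PEM blocks a file actually contains before it is passed as decaf.net.ssl.keyStore. The names PemSummary and summarizePem are hypothetical, the sample PEM text is constructed with placeholder bodies, and it is an assumption here that the key store file should hold both a private key block and a certificate block.

```cpp
#include <fstream>
#include <iostream>
#include <map>
#include <sstream>
#include <string>

// Hypothetical helper type for this example (not part of ActiveMQ-CPP).
struct PemSummary {
    std::map<std::string, int> blocks;  // label -> complete BEGIN/END pairs
    int unterminated = 0;               // BEGIN lines that were never closed
    bool hasPrivateKey() const {        // PRIVATE KEY, RSA PRIVATE KEY, ENCRYPTED PRIVATE KEY
        for (const auto& b : blocks)
            if (b.first.find("PRIVATE KEY") != std::string::npos) return true;
        return false;
    }
    bool hasCertificate() const { return blocks.count("CERTIFICATE") > 0; }
};

// Scan PEM text line by line and count matching BEGIN/END pairs per label.
PemSummary summarizePem(const std::string& text) {
    const std::string begin = "-----BEGIN ", end = "-----END ", tail = "-----";
    PemSummary s;
    std::string open, line;
    std::istringstream in(text);
    while (std::getline(in, line)) {
        while (!line.empty() && (line.back() == '\r' || line.back() == ' ')) line.pop_back();
        bool framed = line.size() > tail.size() &&
                      line.compare(line.size() - tail.size(), tail.size(), tail) == 0;
        if (framed && line.compare(0, begin.size(), begin) == 0) {
            if (!open.empty()) ++s.unterminated;  // previous block had no END line
            open = line.substr(begin.size(), line.size() - begin.size() - tail.size());
        } else if (framed && line.compare(0, end.size(), end) == 0) {
            std::string label = line.substr(end.size(), line.size() - end.size() - tail.size());
            if (!open.empty() && label == open) ++s.blocks[open];
            else if (!open.empty()) ++s.unterminated;
            open.clear();
        }
    }
    if (!open.empty()) ++s.unterminated;
    return s;
}

int main(int argc, char** argv) {
    // Constructed sample (placeholder body): a certificate-only file.
    std::string text = "-----BEGIN CERTIFICATE-----\nAAAA\n-----END CERTIFICATE-----\n";
    if (argc > 1) { std::ifstream f(argv[1]); std::stringstream b; b << f.rdbuf(); text = b.str(); }
    PemSummary s = summarizePem(text);
    for (const auto& b : s.blocks) std::cout << b.second << " x " << b.first << "\n";
    std::cout << "unterminated blocks: " << s.unterminated << "\n";
    return (s.hasPrivateKey() && s.hasCertificate() && s.unterminated == 0) ? 0 : 1;
}
```

Run with the PEM path as the only argument; the exit status is 0 only when a private key block and a certificate block are both present and every block is closed.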
