Date: Sun, 27 Apr 2014 15:57:32 +0800
From: "Charlie P."
To: users@activemq.apache.org
In-Reply-To: <5359CA3C.5060203@kaya.io>
Subject: Re: SSL problems with apollo 1.7, unknown_ca error

Problem was resolved by creating a new JKS with the entire certificate chain added. Interestingly, the web admin page worked fine without the chain but the MQTT connector did not.

Can anybody advise how we can get this fix added as a note in the docs?

On 25 April 2014 at 10:36:50 am, Charlie P. (cp@kaya.io) wrote:

Hi all,

I'm trying to install Apollo 1.7 and set SSL with my own server certificate (issued by startcom).

Steps performed:

- Created JKS
- Imported my private key using keytool
- Configured apollo.xml to use my new keytool.

Now the web admin HTTPS interface works fine, but it's the ssl connection to the mqtt broker that isn't working. I've been testing using mosquitto_pub and get this:

    mosquitto_pub -h dev.kaya.io -p 61614 -f ~/input -t chazman --cafile /media/truecrypt1/SSL/kaya-startssl/ca.pem -d
    Client mosqpub/10571-brahma sending CONNECT
    OpenSSL Error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
    Error: Protocol error

In my Stacktrace.log I get these errors below.
Does anyone have any ideas what's wrong?

--- LOGS

==> connection.log <==
2014-04-25 10:35:47,614 connected: local:/127.0.0.1:61614, remote:/127.0.0.1:42632

==> apollo.log <==
2014-04-25 10:35:47,972 | INFO  | javax.net.ssl.SSLException: Received fatal alert: unknown_ca | 14596bd0785

==> stacktrace.log <==
2014-04-25 10:35:47,973 | INFO  | stackref=14596bd0785
javax.net.ssl.SSLException: Received fatal alert: unknown_ca
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
    at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1630)
    at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1598)
    at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1767)
    at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1063)
    at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:887)
    at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:761)
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
    at org.fusesource.hawtdispatch.transport.SslTransport.secure_read(SslTransport.java:369)
    at org.fusesource.hawtdispatch.transport.SslTransport.handshake(SslTransport.java:434)
    at org.fusesource.hawtdispatch.transport.SslTransport.drainInbound(SslTransport.java:274)
    at org.fusesource.hawtdispatch.transport.TcpTransport$6.run(TcpTransport.java:588)
    at org.fusesource.hawtdispatch.internal.NioDispatchSource$3.run(NioDispatchSource.java:209)
    at org.fusesource.hawtdispatch.internal.SerialDispatchQueue.run(SerialDispatchQueue.java:100)
    at org.fusesource.hawtdispatch.internal.pool.SimpleThread.run(SimpleThread.java:77)

==> connection.log <==
2014-04-25 10:35:47,977 disconnected: local:/127.0.0.1:61614, remote:/127.0.0.1:42632
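
Added example, not part of the original message or of Apollo: a shell sketch of why a keystore holding only the server certificate can produce `certificate verify failed` on the client and `unknown_ca` on the broker, while one holding the full chain does not. It assumes the client trusts only the root CA; the three-tier PKI, the file names and the host name `broker.example.test` are constructed for the demonstration.

```shell
#!/bin/sh
# Constructed PKI: root CA -> intermediate CA -> server (leaf) certificate.
# Every name and file below is made up for this demonstration.

make_chain() {  # $1 = empty working directory
  d=$1
  cat > "$d/pki.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = constructed
[ca_ext]
basicConstraints = critical,CA:TRUE
[leaf_ext]
basicConstraints = CA:FALSE
EOF
  new_key_csr() {  # $1 = file stem, $2 = common name
    openssl req -new -newkey rsa:2048 -nodes -config "$d/pki.cnf" \
      -subj "/CN=$2" -keyout "$d/$1.key" -out "$d/$1.csr" 2>/dev/null
  }
  sign() {  # $1 = subject stem, $2 = issuer stem, $3 = extension section
    openssl x509 -req -in "$d/$1.csr" -CA "$d/$2.pem" -CAkey "$d/$2.key" \
      -CAcreateserial -extfile "$d/pki.cnf" -extensions "$3" -days 2 \
      -out "$d/$1.pem" 2>/dev/null
  }
  openssl req -x509 -newkey rsa:2048 -nodes -config "$d/pki.cnf" \
    -extensions ca_ext -subj "/CN=Constructed Root CA" -days 2 \
    -keyout "$d/root.key" -out "$d/root.pem" 2>/dev/null &&
  new_key_csr inter "Constructed Intermediate CA" && sign inter root ca_ext &&
  new_key_csr leaf "broker.example.test" && sign leaf inter leaf_ext
}

# Succeeds only if a client trusting just $1 (the root) accepts leaf $2 when
# the server also presents the certificates in $3 (empty = leaf only).
client_accepts() {
  openssl verify -CAfile "$1" ${3:+-untrusted "$3"} "$2" 2>&1 | grep -q ': OK$'
}

demo=$(mktemp -d) && make_chain "$demo"
for sent in "" "$demo/inter.pem"; do
  if client_accepts "$demo/root.pem" "$demo/leaf.pem" "$sent"
  then echo "server sends leaf + [${sent##*/}]: verified"
  else echo "server sends leaf + [${sent##*/}]: certificate verify failed"
  fi
done
```

Here `-untrusted` stands in for the extra certificates a TLS server presents during the handshake. Against a live listener, `openssl s_client -connect host:port -showcerts` lists the certificates the server actually sends, which shows whether the intermediate is included.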