activemq-users mailing list archives

From bhuvaneshs <bhuvane...@infomindz.com>
Subject Is it possible to keep two certificates in activemq ssl context?
Date Mon, 08 May 2017 09:23:56 GMT
Is it possible to keep two certificates in activemq to communicate with two
different clients (i.e. old client with old certificate and new client with
new certificate)? In the activemq keystore file I have imported two keys of
old and new certificates.

In this, the new client is communicating fine and the old client is unable to
communicate with activemq. The following exception is what I get while the
client tries to connect to activemq:

javax.jms.JMSException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
    at org.apache.activemq.util.JMSExceptionSupport.create(JMSExceptionSupport.java:62)
    at org.apache.activemq.ActiveMQConnection.syncSendPacket(ActiveMQConnection.java:1298)
    at org.apache.activemq.ActiveMQConnection.ensureConnectionInfoSent(ActiveMQConnection.java:1382)
    at org.apache.activemq.ActiveMQConnection.createSession(ActiveMQConnection.java:309)
    at com.sample.ssl.job.handler.MessageQueueLocator.getJmsSession(Unknown Source)
    at com.sample.ssl.job.handler.MessageQueueLocator.sendMessageToGeneralQueue(Unknown Source)
    at com.sample.ssl.communication.JobResposeDispatcherInvoker.dispatchStartupMessage(Unknown Source)
    at com.sample.ssl.job.MessageDispatchJob.dispatchStartupMessage(Unknown Source)
    at com.sample.ssl.job.MessageDispatchJob.execute(Unknown Source)
    at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
    at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1731)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:925)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:637)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:89)
    at org.apache.activemq.transport.tcp.TcpBufferedOutputStream.flush(TcpBufferedOutputStream.java:115)
    at java.io.DataOutputStream.flush(DataOutputStream.java:106)
    at org.apache.activemq.transport.tcp.TcpTransport.oneway(TcpTransport.java:181)
    at org.apache.activemq.transport.InactivityMonitor.oneway(InactivityMonitor.java:255)
    at org.apache.activemq.transport.WireFormatNegotiator.sendWireFormat(WireFormatNegotiator.java:168)
    at org.apache.activemq.transport.WireFormatNegotiator.sendWireFormat(WireFormatNegotiator.java:84)
    at org.apache.activemq.transport.WireFormatNegotiator.start(WireFormatNegotiator.java:74)
    at org.apache.activemq.transport.failover.FailoverTransport.doReconnect(FailoverTransport.java:844)
    at org.apache.activemq.transport.failover.FailoverTransport$2.iterate(FailoverTransport.java:135)
    at org.apache.activemq.thread.PooledTaskRunner.runTask(PooledTaskRunner.java:122)
    at org.apache.activemq.thread.PooledTaskRunner$1.run(PooledTaskRunner.java:43)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:662)
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
    at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:289)
    at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:263)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:184)
    at sun.security.validator.Validator.validate(Validator.java:218)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
    ... 21 more
Caused by: java.security.cert.CertPathValidatorException: signature check failed
    at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:139)
    at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:330)
    at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:178)
    at java.security.cert.CertPathValidator.validate(CertPathValidator.java:250)
    at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:275)
    ... 28 more
Caused by: java.security.SignatureException: Signature does not match.
    at sun.security.x509.X509CertImpl.verify(X509CertImpl.java:421)
    at sun.security.provider.certpath.BasicChecker.verifySignature(BasicChecker.java:133)
    at sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:112)
    at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:117)
    ... 32 more

Can anyone explain to me why this is not working, and why I am getting this
error? If I am doing anything wrong, please direct me the correct way.



--
View this message in context: http://activemq.2283324.n4.nabble.com/Is-it-possible-to-keep-two-certificates-in-activemq-ssl-context-tp4725736.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
