qpid-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From oru...@apache.org
Subject [qpid-broker-j] 01/03: QPID-8281: [Broker-J][Tests] Regenerate test certificates with RSA 2048bits keys and copy the keystores into corresponding module test resources
Date Wed, 06 Mar 2019 16:15:30 GMT
This is an automated email from the ASF dual-hosted git repository.

orudyy pushed a commit to branch 7.0.x
in repository https://gitbox.apache.org/repos/asf/qpid-broker-j.git

commit 67d0be52dadd905841f7f454585723e9dae53140
Author: Alex Rudyy <orudyy@apache.org>
AuthorDate: Wed Feb 27 16:11:33 2019 +0000

    QPID-8281: [Broker-J][Tests] Regenerate test certificates with RSA 2048bits keys and copy the keystores into corresponding module test resources
    
    (cherry picked from commit d946bec02cf8cd5d72ab65df38c2733173dbc10b)
---
 broker-core/pom.xml                                |   3 -
 .../qpid/server/security/FileKeyStoreTest.java     |  67 +++++++------
 .../qpid/server/security/FileTrustStoreTest.java   | 111 ++++++++++++++-------
 .../qpid/server/security/NonJavaKeyStoreTest.java  |  26 ++---
 .../server/security/NonJavaTrustStoreTest.java     |  14 +--
 .../security/SiteSpecificTrustStoreTest.java       |   6 +-
 .../apache/qpid/server/ssl/TrustManagerTest.java   |  70 +++++++------
 broker-core/src/test/resources/ssl/expired.crt     |  17 ++++
 broker-core/src/test/resources/ssl/java_broker.crt |  21 ++++
 broker-core/src/test/resources/ssl/java_broker.req |  18 ++++
 .../ssl/java_broker_expired_truststore.pkcs12      | Bin 0 -> 1002 bytes
 .../test/resources/ssl/java_broker_keystore.pkcs12 | Bin 0 -> 4425 bytes
 .../resources/ssl/java_broker_peerstore.pkcs12     | Bin 0 -> 1162 bytes
 .../resources/ssl/java_broker_truststore.pkcs12    | Bin 0 -> 1082 bytes
 .../ssl/java_client_expired_keystore.pkcs12        | Bin 0 -> 2397 bytes
 .../test/resources/ssl/java_client_keystore.pkcs12 | Bin 0 -> 7641 bytes
 .../resources/ssl/java_client_truststore.pkcs12    | Bin 0 -> 1082 bytes
 .../ssl/java_client_untrusted_keystore.pkcs12      | Bin 0 -> 2467 bytes
 .../src/test/resources/ssl/test_keystore.jks       | Bin 5786 -> 6361 bytes
 .../src/main/resources/java_broker_keystore.jks    | Bin 0 -> 4425 bytes
 test-profiles/test_resources/ssl/CA_db/cert8.db    | Bin 65536 -> 0 bytes
 test-profiles/test_resources/ssl/CA_db/cert9.db    | Bin 0 -> 28672 bytes
 test-profiles/test_resources/ssl/CA_db/key3.db     | Bin 16384 -> 0 bytes
 test-profiles/test_resources/ssl/CA_db/key4.db     | Bin 0 -> 36864 bytes
 test-profiles/test_resources/ssl/CA_db/pkcs11.txt  |   5 +
 test-profiles/test_resources/ssl/CA_db/rootca.crt  |  24 +++--
 test-profiles/test_resources/ssl/CA_db/secmod.db   | Bin 16384 -> 0 bytes
 test-profiles/test_resources/ssl/app1.crt          |  29 +++---
 test-profiles/test_resources/ssl/app1.req          |  29 +++---
 test-profiles/test_resources/ssl/app2.crt          |  29 +++---
 test-profiles/test_resources/ssl/app2.req          |  29 +++---
 .../test_resources/ssl/generate-java-keystores.sh  |  74 ++++++++++----
 .../test_resources/ssl/generate-root-ca.sh         |  10 +-
 test-profiles/test_resources/ssl/java_broker.crt   |  28 ++++--
 test-profiles/test_resources/ssl/java_broker.req   |  24 +++--
 .../ssl/java_broker_expired_truststore.jks         | Bin 769 -> 1002 bytes
 .../test_resources/ssl/java_broker_keystore.jks    | Bin 3209 -> 4425 bytes
 .../test_resources/ssl/java_broker_peerstore.jks   | Bin 802 -> 1162 bytes
 .../test_resources/ssl/java_broker_truststore.jks  | Bin 591 -> 1082 bytes
 .../ssl/java_client_expired_keystore.jks           | Bin 2057 -> 2397 bytes
 .../test_resources/ssl/java_client_keystore.jks    | Bin 5786 -> 7641 bytes
 .../test_resources/ssl/java_client_truststore.jks  | Bin 591 -> 1082 bytes
 .../ssl/java_client_untrusted_keystore.jks         | Bin 2056 -> 2467 bytes
 .../test_resources/ssl/server_db/cert8.db          | Bin 65536 -> 0 bytes
 .../test_resources/ssl/server_db/cert9.db          | Bin 0 -> 28672 bytes
 test-profiles/test_resources/ssl/server_db/key3.db | Bin 16384 -> 0 bytes
 test-profiles/test_resources/ssl/server_db/key4.db | Bin 0 -> 36864 bytes
 .../test_resources/ssl/server_db/pkcs11.txt        |   5 +
 .../test_resources/ssl/server_db/secmod.db         | Bin 16384 -> 0 bytes
 .../test_resources/ssl/server_db/server.crt        |  26 +++--
 .../test_resources/ssl/server_db/server.req        |  23 +++--
 51 files changed, 441 insertions(+), 247 deletions(-)

diff --git a/broker-core/pom.xml b/broker-core/pom.xml
index 3d32a0d..6241041 100644
--- a/broker-core/pom.xml
+++ b/broker-core/pom.xml
@@ -130,9 +130,6 @@
         <testResource>
             <directory>${basedir}/src/test/resources</directory>
         </testResource>
-        <testResource>
-            <directory>${basedir}/../test-profiles/test_resources/ssl</directory>
-        </testResource>
     </testResources>
 
     <plugins>
diff --git a/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java b/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java
index e950ef4..28f49d1 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/security/FileKeyStoreTest.java
@@ -20,6 +20,7 @@
 package org.apache.qpid.server.security;
 
 
+import static org.apache.qpid.server.security.FileTrustStoreTest.createDataUrlForFile;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
 
@@ -40,13 +41,21 @@ import org.apache.qpid.server.model.IntegrityViolationException;
 import org.apache.qpid.server.model.KeyStore;
 import org.apache.qpid.server.model.Model;
 import org.apache.qpid.server.model.Port;
+import org.apache.qpid.server.util.DataUrlUtils;
 import org.apache.qpid.test.utils.QpidTestCase;
 import org.apache.qpid.test.utils.TestSSLConstants;
-import org.apache.qpid.server.util.DataUrlUtils;
-import org.apache.qpid.server.util.FileUtils;
+
+
 
 public class FileKeyStoreTest extends QpidTestCase
 {
+    private static final String BROKER_KEYSTORE = "ssl/java_broker_keystore.pkcs12";
+    private static final String BROKER_KEYSTORE_PATH = "classpath:" + BROKER_KEYSTORE;
+    private static final String BROKER_KEYSTORE_PASSWORD = TestSSLConstants.BROKER_KEYSTORE_PASSWORD;
+    private static final String CLIENT_KEYSTORE_PATH = "classpath:ssl/java_client_keystore.pkcs12";
+    private static final String CLIENT_KEYSTORE_PASSWORD = TestSSLConstants.KEYSTORE_PASSWORD;
+    private static final String BROKER_KEYSTORE_ALIAS = TestSSLConstants.BROKER_KEYSTORE_ALIAS;
+
     private final Broker _broker = mock(Broker.class);
     private final TaskExecutor _taskExecutor = CurrentThreadTaskExecutor.newStartedInstance();
     private final Model _model = BrokerModel.getInstance();
@@ -70,8 +79,8 @@ public class FileKeyStoreTest extends QpidTestCase
     {
         Map<String,Object> attributes = new HashMap<>();
         attributes.put(FileKeyStore.NAME, "myFileKeyStore");
-        attributes.put(FileKeyStore.STORE_URL, TestSSLConstants.BROKER_KEYSTORE);
-        attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD);
+        attributes.put(FileKeyStore.STORE_URL, BROKER_KEYSTORE_PATH);
+        attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD);
 
         FileKeyStoreImpl fileKeyStore = (FileKeyStoreImpl) _factory.create(KeyStore.class, attributes,  _broker);
 
@@ -85,9 +94,9 @@ public class FileKeyStoreTest extends QpidTestCase
     {
         Map<String,Object> attributes = new HashMap<>();
         attributes.put(FileKeyStore.NAME, "myFileKeyStore");
-        attributes.put(FileKeyStore.STORE_URL, TestSSLConstants.BROKER_KEYSTORE);
-        attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD);
-        attributes.put(FileKeyStore.CERTIFICATE_ALIAS, TestSSLConstants.BROKER_KEYSTORE_ALIAS);
+        attributes.put(FileKeyStore.STORE_URL, BROKER_KEYSTORE_PATH);
+        attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD);
+        attributes.put(FileKeyStore.CERTIFICATE_ALIAS, BROKER_KEYSTORE_ALIAS);
 
         FileKeyStoreImpl fileKeyStore = (FileKeyStoreImpl) _factory.create(KeyStore.class, attributes,  _broker);
 
@@ -101,7 +110,7 @@ public class FileKeyStoreTest extends QpidTestCase
     {
         Map<String,Object> attributes = new HashMap<>();
         attributes.put(FileKeyStore.NAME, "myFileKeyStore");
-        attributes.put(FileKeyStore.STORE_URL, TestSSLConstants.BROKER_KEYSTORE);
+        attributes.put(FileKeyStore.STORE_URL, BROKER_KEYSTORE_PATH);
         attributes.put(FileKeyStore.PASSWORD, "wrong");
 
         try
@@ -120,8 +129,8 @@ public class FileKeyStoreTest extends QpidTestCase
     {
         Map<String,Object> attributes = new HashMap<>();
         attributes.put(FileKeyStore.NAME, "myFileKeyStore");
-        attributes.put(FileKeyStore.STORE_URL, TestSSLConstants.KEYSTORE);
-        attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.KEYSTORE_PASSWORD);
+        attributes.put(FileKeyStore.STORE_URL, CLIENT_KEYSTORE_PATH);
+        attributes.put(FileKeyStore.PASSWORD, CLIENT_KEYSTORE_PASSWORD);
         attributes.put(FileKeyStore.CERTIFICATE_ALIAS, "notknown");
 
         try
@@ -138,12 +147,12 @@ public class FileKeyStoreTest extends QpidTestCase
 
     public void testCreateKeyStoreFromDataUrl_Success() throws Exception
     {
-        String trustStoreAsDataUrl = createDataUrlForFile(TestSSLConstants.BROKER_KEYSTORE);
+        String trustStoreAsDataUrl = createDataUrlForFile(BROKER_KEYSTORE);
 
         Map<String,Object> attributes = new HashMap<>();
         attributes.put(FileKeyStore.NAME, "myFileKeyStore");
         attributes.put(FileKeyStore.STORE_URL, trustStoreAsDataUrl);
-        attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD);
+        attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD);
 
         FileKeyStoreImpl fileKeyStore = (FileKeyStoreImpl) _factory.create(KeyStore.class, attributes,  _broker);
 
@@ -155,13 +164,13 @@ public class FileKeyStoreTest extends QpidTestCase
 
     public void testCreateKeyStoreWithAliasFromDataUrl_Success() throws Exception
     {
-        String trustStoreAsDataUrl = createDataUrlForFile(TestSSLConstants.BROKER_KEYSTORE);
+        String trustStoreAsDataUrl = createDataUrlForFile(BROKER_KEYSTORE);
 
         Map<String,Object> attributes = new HashMap<>();
         attributes.put(FileKeyStore.NAME, "myFileKeyStore");
         attributes.put(FileKeyStore.STORE_URL, trustStoreAsDataUrl);
-        attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD);
-        attributes.put(FileKeyStore.CERTIFICATE_ALIAS, TestSSLConstants.BROKER_KEYSTORE_ALIAS);
+        attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD);
+        attributes.put(FileKeyStore.CERTIFICATE_ALIAS, BROKER_KEYSTORE_ALIAS);
 
         FileKeyStoreImpl fileKeyStore = (FileKeyStoreImpl) _factory.create(KeyStore.class, attributes,  _broker);
 
@@ -173,7 +182,7 @@ public class FileKeyStoreTest extends QpidTestCase
 
     public void testCreateKeyStoreFromDataUrl_WrongPassword() throws Exception
     {
-        String keyStoreAsDataUrl = createDataUrlForFile(TestSSLConstants.BROKER_KEYSTORE);
+        String keyStoreAsDataUrl = createDataUrlForFile(BROKER_KEYSTORE);
 
         Map<String,Object> attributes = new HashMap<>();
         attributes.put(FileKeyStore.NAME, "myFileKeyStore");
@@ -198,7 +207,7 @@ public class FileKeyStoreTest extends QpidTestCase
 
         Map<String,Object> attributes = new HashMap<>();
         attributes.put(FileKeyStore.NAME, "myFileKeyStore");
-        attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD);
+        attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD);
         attributes.put(FileKeyStore.STORE_URL, keyStoreAsDataUrl);
 
         try
@@ -216,11 +225,11 @@ public class FileKeyStoreTest extends QpidTestCase
 
     public void testCreateKeyStoreFromDataUrl_UnknownAlias() throws Exception
     {
-        String keyStoreAsDataUrl = createDataUrlForFile(TestSSLConstants.BROKER_KEYSTORE);
+        String keyStoreAsDataUrl = createDataUrlForFile(BROKER_KEYSTORE);
 
         Map<String,Object> attributes = new HashMap<>();
         attributes.put(FileKeyStore.NAME, "myFileKeyStore");
-        attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD);
+        attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD);
         attributes.put(FileKeyStore.STORE_URL, keyStoreAsDataUrl);
         attributes.put(FileKeyStore.CERTIFICATE_ALIAS, "notknown");
 
@@ -240,8 +249,8 @@ public class FileKeyStoreTest extends QpidTestCase
     {
         Map<String,Object> attributes = new HashMap<>();
         attributes.put(FileKeyStore.NAME, "myFileKeyStore");
-        attributes.put(FileKeyStore.STORE_URL, TestSSLConstants.BROKER_KEYSTORE);
-        attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD);
+        attributes.put(FileKeyStore.STORE_URL, BROKER_KEYSTORE_PATH);
+        attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD);
 
         FileKeyStoreImpl fileKeyStore = (FileKeyStoreImpl) _factory.create(KeyStore.class, attributes,  _broker);
 
@@ -264,7 +273,7 @@ public class FileKeyStoreTest extends QpidTestCase
         assertNull("Unexpected alias value after failed change", fileKeyStore.getCertificateAlias());
 
         Map<String,Object> changedAttributes = new HashMap<>();
-        changedAttributes.put(FileKeyStore.CERTIFICATE_ALIAS, TestSSLConstants.BROKER_KEYSTORE_ALIAS);
+        changedAttributes.put(FileKeyStore.CERTIFICATE_ALIAS, BROKER_KEYSTORE_ALIAS);
 
         fileKeyStore.setAttributes(changedAttributes);
 
@@ -278,8 +287,9 @@ public class FileKeyStoreTest extends QpidTestCase
     {
         Map<String,Object> attributes = new HashMap<>();
         attributes.put(FileKeyStore.NAME, "myFileKeyStore");
-        attributes.put(FileKeyStore.STORE_URL, TestSSLConstants.BROKER_KEYSTORE);
-        attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD);
+        attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD);
+        attributes.put(FileKeyStore.STORE_URL, BROKER_KEYSTORE_PATH);
+        attributes.put(FileKeyStore.KEY_STORE_TYPE, "PKCS12");
 
         FileKeyStoreImpl fileKeyStore = (FileKeyStoreImpl) _factory.create(KeyStore.class, attributes,  _broker);
 
@@ -290,8 +300,8 @@ public class FileKeyStoreTest extends QpidTestCase
     {
         Map<String,Object> attributes = new HashMap<>();
         attributes.put(FileKeyStore.NAME, "myFileKeyStore");
-        attributes.put(FileKeyStore.STORE_URL, TestSSLConstants.BROKER_KEYSTORE);
-        attributes.put(FileKeyStore.PASSWORD, TestSSLConstants.BROKER_KEYSTORE_PASSWORD);
+        attributes.put(FileKeyStore.STORE_URL, BROKER_KEYSTORE_PATH);
+        attributes.put(FileKeyStore.PASSWORD, BROKER_KEYSTORE_PASSWORD);
 
         FileKeyStoreImpl fileKeyStore = (FileKeyStoreImpl) _factory.create(KeyStore.class, attributes,  _broker);
 
@@ -311,9 +321,4 @@ public class FileKeyStoreTest extends QpidTestCase
         }
     }
 
-    private static String createDataUrlForFile(String filename)
-    {
-        byte[] fileAsBytes = FileUtils.readFileAsBytes(filename);
-        return DataUrlUtils.getDataUrlForBytes(fileAsBytes);
-    }
 }
diff --git a/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java b/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java
index 9d184be..d0cc0a2 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/security/FileTrustStoreTest.java
@@ -23,6 +23,10 @@ package org.apache.qpid.server.security;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
 
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
 import java.security.KeyStore;
 import java.security.cert.CertificateException;
 import java.security.cert.CertificateExpiredException;
@@ -35,6 +39,8 @@ import java.util.Map;
 import javax.net.ssl.TrustManager;
 import javax.net.ssl.X509TrustManager;
 
+import com.google.common.io.ByteStreams;
+
 import org.apache.qpid.server.configuration.IllegalConfigurationException;
 import org.apache.qpid.server.configuration.updater.CurrentThreadTaskExecutor;
 import org.apache.qpid.server.configuration.updater.TaskExecutor;
@@ -51,12 +57,21 @@ import org.apache.qpid.server.security.auth.manager.SimpleLDAPAuthenticationMana
 import org.apache.qpid.server.transport.network.security.ssl.QpidPeersOnlyTrustManager;
 import org.apache.qpid.server.transport.network.security.ssl.SSLUtil;
 import org.apache.qpid.server.util.DataUrlUtils;
-import org.apache.qpid.server.util.FileUtils;
 import org.apache.qpid.test.utils.QpidTestCase;
 import org.apache.qpid.test.utils.TestSSLConstants;
 
 public class FileTrustStoreTest extends QpidTestCase
 {
+    private static final String TRUSTSTORE_PASSWORD = TestSSLConstants.TRUSTSTORE_PASSWORD;
+    private static final String PEER_STORE_PASSWORD = TestSSLConstants.BROKER_PEERSTORE_PASSWORD;
+    private static final String KEYSTORE_PASSWORD = TestSSLConstants.KEYSTORE_PASSWORD;
+    private static final String TRUST_STORE_PATH = "classpath:ssl/java_client_truststore.pkcs12";
+    private static final String PEER_STORE_PATH = "classpath:ssl/java_broker_peerstore.pkcs12";
+    private static final String EXPIRED_TRUST_STORE_PATH = "classpath:ssl/java_broker_expired_truststore.pkcs12";
+    private static final String EXPIRED_KEYSTORE_PATH = "ssl/java_client_expired_keystore.pkcs12";
+    private static final String TRUST_STORE = "ssl/java_client_truststore.pkcs12";
+    private static final String BROKER_TRUST_STORE_PATH = "classpath:ssl/java_broker_truststore.pkcs12";
+    private static final String BROKER_TRUST_STORE_PASSWORD = TestSSLConstants.BROKER_TRUSTSTORE_PASSWORD;
     private final Broker _broker = mock(Broker.class);
     private final TaskExecutor _taskExecutor = CurrentThreadTaskExecutor.newStartedInstance();
     private final Model _model = BrokerModel.getInstance();
@@ -80,8 +95,8 @@ public class FileTrustStoreTest extends QpidTestCase
     {
         Map<String,Object> attributes = new HashMap<>();
         attributes.put(FileTrustStore.NAME, "myFileTrustStore");
-        attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.TRUSTSTORE);
-        attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.TRUSTSTORE_PASSWORD);
+        attributes.put(FileTrustStore.STORE_URL, TRUST_STORE_PATH);
+        attributes.put(FileTrustStore.PASSWORD, TRUSTSTORE_PASSWORD);
 
         TrustStore<?> fileTrustStore = _factory.create(TrustStore.class, attributes,  _broker);
 
@@ -95,7 +110,7 @@ public class FileTrustStoreTest extends QpidTestCase
     {
         Map<String,Object> attributes = new HashMap<>();
         attributes.put(FileTrustStore.NAME, "myFileTrustStore");
-        attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.TRUSTSTORE);
+        attributes.put(FileTrustStore.STORE_URL, TRUST_STORE_PATH);
         attributes.put(FileTrustStore.PASSWORD, "wrong");
 
         try
@@ -114,8 +129,8 @@ public class FileTrustStoreTest extends QpidTestCase
     {
         Map<String,Object> attributes = new HashMap<>();
         attributes.put(FileTrustStore.NAME, "myFileTrustStore");
-        attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.BROKER_PEERSTORE);
-        attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.BROKER_PEERSTORE_PASSWORD);
+        attributes.put(FileTrustStore.STORE_URL, PEER_STORE_PATH);
+        attributes.put(FileTrustStore.PASSWORD, PEER_STORE_PASSWORD);
         attributes.put(FileTrustStore.PEERS_ONLY, true);
 
         TrustStore<?> fileTrustStore = _factory.create(TrustStore.class, attributes,  _broker);
@@ -131,8 +146,8 @@ public class FileTrustStoreTest extends QpidTestCase
     {
         Map<String,Object> attributes = new HashMap<>();
         attributes.put(FileTrustStore.NAME, "myFileTrustStore");
-        attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.BROKER_EXPIRED_TRUSTSTORE);
-        attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.BROKER_TRUSTSTORE_PASSWORD);
+        attributes.put(FileTrustStore.STORE_URL, EXPIRED_TRUST_STORE_PATH);
+        attributes.put(FileTrustStore.PASSWORD, BROKER_TRUST_STORE_PASSWORD);
 
         TrustStore trustStore = _factory.create(TrustStore.class, attributes, _broker);
 
@@ -142,9 +157,9 @@ public class FileTrustStoreTest extends QpidTestCase
         assertTrue("Unexpected trust manager type",trustManagers[0] instanceof X509TrustManager);
         X509TrustManager trustManager = (X509TrustManager) trustManagers[0];
 
-        KeyStore clientStore = SSLUtil.getInitializedKeyStore(TestSSLConstants.EXPIRED_KEYSTORE,
-                                                              TestSSLConstants.KEYSTORE_PASSWORD,
-                                                              KeyStore.getDefaultType());
+        KeyStore clientStore = SSLUtil.getInitializedKeyStore(EXPIRED_KEYSTORE_PATH,
+                                                              KEYSTORE_PASSWORD,
+                                                              "pkcs12");
         String alias = clientStore.aliases().nextElement();
         X509Certificate certificate = (X509Certificate) clientStore.getCertificate(alias);
 
@@ -155,8 +170,8 @@ public class FileTrustStoreTest extends QpidTestCase
     {
         Map<String,Object> attributes = new HashMap<>();
         attributes.put(FileTrustStore.NAME, "myFileTrustStore");
-        attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.BROKER_EXPIRED_TRUSTSTORE);
-        attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.BROKER_TRUSTSTORE_PASSWORD);
+        attributes.put(FileTrustStore.STORE_URL, EXPIRED_TRUST_STORE_PATH);
+        attributes.put(FileTrustStore.PASSWORD, BROKER_TRUST_STORE_PASSWORD);
         attributes.put(FileTrustStore.TRUST_ANCHOR_VALIDITY_ENFORCED, true);
 
         TrustStore trustStore = _factory.create(TrustStore.class, attributes, _broker);
@@ -167,9 +182,9 @@ public class FileTrustStoreTest extends QpidTestCase
         assertTrue("Unexpected trust manager type",trustManagers[0] instanceof X509TrustManager);
         X509TrustManager trustManager = (X509TrustManager) trustManagers[0];
 
-        KeyStore clientStore = SSLUtil.getInitializedKeyStore(TestSSLConstants.EXPIRED_KEYSTORE,
-                                                             TestSSLConstants.KEYSTORE_PASSWORD,
-                                                             KeyStore.getDefaultType());
+        KeyStore clientStore = SSLUtil.getInitializedKeyStore(EXPIRED_KEYSTORE_PATH,
+                                                              KEYSTORE_PASSWORD,
+                                                              KeyStore.getDefaultType());
         String alias = clientStore.aliases().nextElement();
         X509Certificate certificate = (X509Certificate) clientStore.getCertificate(alias);
 
@@ -195,12 +210,12 @@ public class FileTrustStoreTest extends QpidTestCase
 
     public void testCreateTrustStoreFromDataUrl_Success() throws Exception
     {
-        String trustStoreAsDataUrl = createDataUrlForFile(TestSSLConstants.TRUSTSTORE);
+        String trustStoreAsDataUrl = createDataUrlForFile(TRUST_STORE);
 
         Map<String,Object> attributes = new HashMap<>();
         attributes.put(FileTrustStore.NAME, "myFileTrustStore");
         attributes.put(FileTrustStore.STORE_URL, trustStoreAsDataUrl);
-        attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.TRUSTSTORE_PASSWORD);
+        attributes.put(FileTrustStore.PASSWORD, TRUSTSTORE_PASSWORD);
 
         TrustStore<?> fileTrustStore = _factory.create(TrustStore.class, attributes,  _broker);
 
@@ -212,7 +227,7 @@ public class FileTrustStoreTest extends QpidTestCase
 
     public void testCreateTrustStoreFromDataUrl_WrongPassword() throws Exception
     {
-        String trustStoreAsDataUrl = createDataUrlForFile(TestSSLConstants.TRUSTSTORE);
+        String trustStoreAsDataUrl = createDataUrlForFile(TRUST_STORE);
 
         Map<String,Object> attributes = new HashMap<>();
         attributes.put(FileTrustStore.NAME, "myFileTrustStore");
@@ -237,7 +252,7 @@ public class FileTrustStoreTest extends QpidTestCase
 
         Map<String,Object> attributes = new HashMap<>();
         attributes.put(FileTrustStore.NAME, "myFileTrustStore");
-        attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.TRUSTSTORE_PASSWORD);
+        attributes.put(FileTrustStore.PASSWORD, TRUSTSTORE_PASSWORD);
         attributes.put(FileTrustStore.STORE_URL, trustStoreAsDataUrl);
 
         try
@@ -257,12 +272,12 @@ public class FileTrustStoreTest extends QpidTestCase
     {
         Map<String,Object> attributes = new HashMap<>();
         attributes.put(FileTrustStore.NAME, "myFileTrustStore");
-        attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.TRUSTSTORE);
-        attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.TRUSTSTORE_PASSWORD);
+        attributes.put(FileTrustStore.STORE_URL, TRUST_STORE_PATH);
+        attributes.put(FileTrustStore.PASSWORD, TRUSTSTORE_PASSWORD);
 
         FileTrustStore<?> fileTrustStore = (FileTrustStore<?>) _factory.create(TrustStore.class, attributes,  _broker);
 
-        assertEquals("Unexpected path value before change", TestSSLConstants.TRUSTSTORE, fileTrustStore.getStoreUrl());
+        assertEquals("Unexpected path value before change", TRUST_STORE_PATH, fileTrustStore.getStoreUrl());
 
         try
         {
@@ -278,16 +293,16 @@ public class FileTrustStoreTest extends QpidTestCase
             assertTrue("Exception text not as unexpected:" + message, message.contains("Cannot instantiate trust store"));
         }
 
-        assertEquals("Unexpected path value after failed change", TestSSLConstants.TRUSTSTORE, fileTrustStore.getStoreUrl());
+        assertEquals("Unexpected path value after failed change", TRUST_STORE_PATH, fileTrustStore.getStoreUrl());
 
         Map<String,Object> changedAttributes = new HashMap<>();
-        changedAttributes.put(FileTrustStore.STORE_URL, TestSSLConstants.BROKER_TRUSTSTORE);
-        changedAttributes.put(FileTrustStore.PASSWORD, TestSSLConstants.BROKER_TRUSTSTORE_PASSWORD);
+        changedAttributes.put(FileTrustStore.STORE_URL, BROKER_TRUST_STORE_PATH);
+        changedAttributes.put(FileTrustStore.PASSWORD, BROKER_TRUST_STORE_PASSWORD);
 
         fileTrustStore.setAttributes(changedAttributes);
 
         assertEquals("Unexpected path value after change that is expected to be successful",
-                     TestSSLConstants.BROKER_TRUSTSTORE,
+                     BROKER_TRUST_STORE_PATH,
                      fileTrustStore.getStoreUrl());
     }
 
@@ -295,8 +310,8 @@ public class FileTrustStoreTest extends QpidTestCase
     {
         Map<String,Object> attributes = new HashMap<>();
         attributes.put(FileTrustStore.NAME, "myFileTrustStore");
-        attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.TRUSTSTORE);
-        attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.TRUSTSTORE_PASSWORD);
+        attributes.put(FileTrustStore.STORE_URL, BROKER_TRUST_STORE_PATH);
+        attributes.put(FileTrustStore.PASSWORD, KEYSTORE_PASSWORD);
 
         TrustStore<?> fileTrustStore = _factory.create(TrustStore.class, attributes,  _broker);
 
@@ -307,8 +322,9 @@ public class FileTrustStoreTest extends QpidTestCase
     {
         Map<String,Object> attributes = new HashMap<>();
         attributes.put(FileTrustStore.NAME, "myFileTrustStore");
-        attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.TRUSTSTORE);
-        attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.TRUSTSTORE_PASSWORD);
+        attributes.put(FileTrustStore.PASSWORD, TRUSTSTORE_PASSWORD);
+        attributes.put(FileTrustStore.STORE_URL, TRUST_STORE_PATH);
+        attributes.put(FileTrustStore.TRUST_STORE_TYPE, "PKCS12");
 
         TrustStore<?> fileTrustStore = _factory.create(TrustStore.class, attributes,  _broker);
 
@@ -333,10 +349,11 @@ public class FileTrustStoreTest extends QpidTestCase
     {
         Map<String,Object> attributes = new HashMap<>();
         attributes.put(FileTrustStore.NAME, "myFileTrustStore");
-        attributes.put(FileTrustStore.STORE_URL, TestSSLConstants.TRUSTSTORE);
-        attributes.put(FileTrustStore.PASSWORD, TestSSLConstants.TRUSTSTORE_PASSWORD);
+        attributes.put(FileTrustStore.STORE_URL, TRUST_STORE_PATH);
+        attributes.put(FileTrustStore.PASSWORD, TRUSTSTORE_PASSWORD);
+        attributes.put(FileTrustStore.TRUST_STORE_TYPE, "PKCS12");
 
-        TrustStore<?> fileTrustStore = _factory.create(TrustStore.class, attributes,  _broker);
+        TrustStore<?> fileTrustStore = _factory.create(TrustStore.class, attributes, _broker);
 
         Port<?> port = mock(Port.class);
         when(port.getTrustStores()).thenReturn(Collections.<TrustStore>singletonList(fileTrustStore));
@@ -354,9 +371,29 @@ public class FileTrustStoreTest extends QpidTestCase
         }
     }
 
-    private static String createDataUrlForFile(String filename)
+    public  static String createDataUrlForFile(String filename) throws IOException
     {
-        byte[] fileAsBytes = FileUtils.readFileAsBytes(filename);
-        return DataUrlUtils.getDataUrlForBytes(fileAsBytes);
+        InputStream in = null;
+        try
+        {
+            File f = new File(filename);
+            if (f.exists())
+            {
+                in = new FileInputStream(f);
+            }
+            else
+            {
+                in = Thread.currentThread().getContextClassLoader().getResourceAsStream(filename);
+            }
+            byte[] fileAsBytes = ByteStreams.toByteArray(in);
+            return DataUrlUtils.getDataUrlForBytes(fileAsBytes);
+        }
+        finally
+        {
+            if (in != null)
+            {
+                in.close();
+            }
+        }
     }
 }
diff --git a/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaKeyStoreTest.java b/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaKeyStoreTest.java
index 4cd7e6f..e4e14d1 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaKeyStoreTest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaKeyStoreTest.java
@@ -24,16 +24,12 @@ import static org.apache.qpid.test.utils.TestSSLConstants.KEYSTORE_PASSWORD;
 import static org.mockito.Matchers.any;
 import static org.mockito.Matchers.anyLong;
 import static org.mockito.Matchers.argThat;
-import static org.mockito.Mockito.doReturn;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.never;
 import static org.mockito.Mockito.verify;
 import static org.mockito.Mockito.when;
 import static org.mockito.internal.verification.VerificationModeFactory.times;
 
-import javax.net.ssl.KeyManager;
-import javax.xml.bind.DatatypeConverter;
-
 import java.io.File;
 import java.io.FileOutputStream;
 import java.io.InputStream;
@@ -49,6 +45,9 @@ import java.util.Map;
 import java.util.concurrent.ScheduledFuture;
 import java.util.concurrent.TimeUnit;
 
+import javax.net.ssl.KeyManager;
+import javax.xml.bind.DatatypeConverter;
+
 import org.mockito.ArgumentMatcher;
 
 import org.apache.qpid.server.configuration.IllegalConfigurationException;
@@ -68,6 +67,8 @@ import org.apache.qpid.test.utils.TestFileUtils;
 
 public class NonJavaKeyStoreTest extends QpidTestCase
 {
+    private static final String KEYSTORE = "/ssl/java_broker_keystore.pkcs12";
+
     private final Broker<?> _broker = mock(Broker.class);
     private final TaskExecutor _taskExecutor = CurrentThreadTaskExecutor.newStartedInstance();
     private final Model _model = BrokerModel.getInstance();
@@ -111,10 +112,10 @@ public class NonJavaKeyStoreTest extends QpidTestCase
         }
     }
 
-    private File[] extractResourcesFromTestKeyStore(boolean pem) throws Exception
+    private File[] extractResourcesFromTestKeyStore(boolean pem, final String storeResource) throws Exception
     {
         java.security.KeyStore ks = java.security.KeyStore.getInstance(java.security.KeyStore.getDefaultType());
-        try(InputStream is = getClass().getResourceAsStream("/java_broker_keystore.jks"))
+        try(InputStream is = getClass().getResourceAsStream(storeResource))
         {
             ks.load(is, KEYSTORE_PASSWORD.toCharArray() );
         }
@@ -186,7 +187,7 @@ public class NonJavaKeyStoreTest extends QpidTestCase
 
     private void runTestCreationOfTrustStoreFromValidPrivateKeyAndCertificateInDerFormat(boolean isPEM)throws Exception
     {
-        File[] resources = extractResourcesFromTestKeyStore(isPEM);
+        File[] resources = extractResourcesFromTestKeyStore(isPEM, KEYSTORE);
         _testResources.addAll(Arrays.asList(resources));
 
         Map<String,Object> attributes = new HashMap<>();
@@ -206,7 +207,7 @@ public class NonJavaKeyStoreTest extends QpidTestCase
 
     public void testCreationOfTrustStoreFromValidPrivateKeyAndInvalidCertificate()throws Exception
     {
-        File[] resources = extractResourcesFromTestKeyStore(true);
+        File[] resources = extractResourcesFromTestKeyStore(true, KEYSTORE);
         _testResources.addAll(Arrays.asList(resources));
 
         File invalidCertificate = TestFileUtils.createTempFile(this, ".invalid.cert", "content");
@@ -231,7 +232,7 @@ public class NonJavaKeyStoreTest extends QpidTestCase
 
     public void testCreationOfTrustStoreFromInvalidPrivateKeyAndValidCertificate()throws Exception
     {
-        File[] resources = extractResourcesFromTestKeyStore(true);
+        File[] resources = extractResourcesFromTestKeyStore(true, KEYSTORE);
         _testResources.addAll(Arrays.asList(resources));
 
         File invalidPrivateKey = TestFileUtils.createTempFile(this, ".invalid.pk", "content");
@@ -274,15 +275,16 @@ public class NonJavaKeyStoreTest extends QpidTestCase
     {
         when(_broker.scheduleHouseKeepingTask(anyLong(), any(TimeUnit.class), any(Runnable.class))).thenReturn(mock(ScheduledFuture.class));
 
-        java.security.KeyStore ks = java.security.KeyStore.getInstance(java.security.KeyStore.getDefaultType());
-        try(InputStream is = getClass().getResourceAsStream("/java_broker_keystore.jks"))
+        java.security.KeyStore ks = java.security.KeyStore.getInstance("pkcs12");
+        final String storeLocation = KEYSTORE;
+        try(InputStream is = getClass().getResourceAsStream(storeLocation))
         {
             ks.load(is, KEYSTORE_PASSWORD.toCharArray() );
         }
         X509Certificate cert = (X509Certificate) ks.getCertificate("rootca");
         int expiryDays = (int)((cert.getNotAfter().getTime() - System.currentTimeMillis()) / (24l * 60l * 60l * 1000l));
 
-        File[] resources = extractResourcesFromTestKeyStore(false);
+        File[] resources = extractResourcesFromTestKeyStore(false, storeLocation);
         _testResources.addAll(Arrays.asList(resources));
 
         Map<String,Object> attributes = new HashMap<>();
diff --git a/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaTrustStoreTest.java b/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaTrustStoreTest.java
index e6276a7..3ab6f83 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaTrustStoreTest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/security/NonJavaTrustStoreTest.java
@@ -48,6 +48,8 @@ import org.apache.qpid.test.utils.TestSSLConstants;
 
 public class NonJavaTrustStoreTest extends QpidTestCase
 {
+    private static final String EXPIRED_KEYSTORE = "ssl/java_client_expired_keystore.pkcs12";
+    private static final String KEYSTORE_PASSWORD = TestSSLConstants.KEYSTORE_PASSWORD;
     private final Broker<?> _broker = mock(Broker.class);
     private final TaskExecutor _taskExecutor = CurrentThreadTaskExecutor.newStartedInstance();
     private final Model _model = BrokerModel.getInstance();
@@ -69,7 +71,7 @@ public class NonJavaTrustStoreTest extends QpidTestCase
     {
         Map<String,Object> attributes = new HashMap<>();
         attributes.put(NonJavaTrustStore.NAME, "myTestTrustStore");
-        attributes.put(NonJavaTrustStore.CERTIFICATES_URL, getClass().getResource("/java_broker.crt").toExternalForm());
+        attributes.put(NonJavaTrustStore.CERTIFICATES_URL, getClass().getResource("/ssl/java_broker.crt").toExternalForm());
         attributes.put(NonJavaTrustStore.TYPE, "NonJavaTrustStore");
 
         TrustStore trustStore = _factory.create(TrustStore.class, attributes, _broker);
@@ -85,7 +87,7 @@ public class NonJavaTrustStoreTest extends QpidTestCase
         Map<String,Object> attributes = new HashMap<>();
         attributes.put(NonJavaTrustStore.NAME, "myTestTrustStore");
         attributes.put(NonJavaTrustStore.TRUST_ANCHOR_VALIDITY_ENFORCED, true);
-        attributes.put(NonJavaTrustStore.CERTIFICATES_URL, getClass().getResource("/expired.crt").toExternalForm());
+        attributes.put(NonJavaTrustStore.CERTIFICATES_URL, getClass().getResource("/ssl/expired.crt").toExternalForm());
         attributes.put(NonJavaTrustStore.TYPE, "NonJavaTrustStore");
 
         TrustStore trustStore = _factory.create(TrustStore.class, attributes, _broker);
@@ -96,9 +98,9 @@ public class NonJavaTrustStoreTest extends QpidTestCase
         assertTrue("Unexpected trust manager type",trustManagers[0] instanceof X509TrustManager);
         X509TrustManager trustManager = (X509TrustManager) trustManagers[0];
 
-        KeyStore clientStore = SSLUtil.getInitializedKeyStore(TestSSLConstants.EXPIRED_KEYSTORE,
-                                                              TestSSLConstants.KEYSTORE_PASSWORD,
-                                                              KeyStore.getDefaultType());
+        KeyStore clientStore = SSLUtil.getInitializedKeyStore(EXPIRED_KEYSTORE,
+                                                              KEYSTORE_PASSWORD,
+                                                              "PKCS12");
         String alias = clientStore.aliases().nextElement();
         X509Certificate certificate = (X509Certificate) clientStore.getCertificate(alias);
 
@@ -126,7 +128,7 @@ public class NonJavaTrustStoreTest extends QpidTestCase
     {
         Map<String,Object> attributes = new HashMap<>();
         attributes.put(NonJavaTrustStore.NAME, "myTestTrustStore");
-        attributes.put(NonJavaTrustStore.CERTIFICATES_URL, getClass().getResource("/java_broker.req").toExternalForm());
+        attributes.put(NonJavaTrustStore.CERTIFICATES_URL, getClass().getResource("/ssl/java_broker.req").toExternalForm());
         attributes.put(NonJavaTrustStore.TYPE, "NonJavaTrustStore");
 
         try
diff --git a/broker-core/src/test/java/org/apache/qpid/server/security/SiteSpecificTrustStoreTest.java b/broker-core/src/test/java/org/apache/qpid/server/security/SiteSpecificTrustStoreTest.java
index 2ac12f6..f012173 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/security/SiteSpecificTrustStoreTest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/security/SiteSpecificTrustStoreTest.java
@@ -59,6 +59,8 @@ public class SiteSpecificTrustStoreTest extends QpidTestCase
 {
     private static final String EXPECTED_SUBJECT = "CN=localhost,OU=Unknown,O=Unknown,L=Unknown,ST=Unknown,C=Unknown";
     private static final String EXPECTED_ISSUER = "CN=MyRootCA,O=ACME,ST=Ontario,C=CA";
+    private static final String KEYSTORE = "/ssl/java_broker_keystore.pkcs12";
+    private static final String KEYSTORE_PASSWORD = TestSSLConstants.KEYSTORE_PASSWORD;
     private final Broker<?> _broker = mock(Broker.class);
     private final TaskExecutor _taskExecutor = CurrentThreadTaskExecutor.newStartedInstance();
     private final Model _model = BrokerModel.getInstance();
@@ -248,8 +250,8 @@ public class SiteSpecificTrustStoreTest extends QpidTestCase
 
         private ServerSocket createTestSSLServerSocket() throws Exception
         {
-            char[] keyPassword = TestSSLConstants.KEYSTORE_PASSWORD.toCharArray();
-            try(InputStream inputStream = getClass().getResourceAsStream("/java_broker_keystore.jks"))
+            char[] keyPassword = KEYSTORE_PASSWORD.toCharArray();
+            try(InputStream inputStream = getClass().getResourceAsStream(KEYSTORE))
             {
                 KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
                 KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
diff --git a/broker-core/src/test/java/org/apache/qpid/server/ssl/TrustManagerTest.java b/broker-core/src/test/java/org/apache/qpid/server/ssl/TrustManagerTest.java
index f152796..3dcddff 100644
--- a/broker-core/src/test/java/org/apache/qpid/server/ssl/TrustManagerTest.java
+++ b/broker-core/src/test/java/org/apache/qpid/server/ssl/TrustManagerTest.java
@@ -38,13 +38,23 @@ import org.apache.qpid.server.transport.network.security.ssl.SSLUtil;
 
 public class TrustManagerTest extends QpidTestCase
 {
-    private static final String STORE_TYPE = "JKS";
+    private static final String STORE_TYPE = "pkcs12";
     private static final String DEFAULT_TRUST_MANAGER_ALGORITHM = TrustManagerFactory.getDefaultAlgorithm();
+    private static final String KEYSTORE_PASSWORD = TestSSLConstants.KEYSTORE_PASSWORD;
+    private static final String PEER_STORE = "ssl/java_broker_peerstore.pkcs12";
+    private static final String PEER_STORE_PASSWORD = TestSSLConstants.BROKER_PEERSTORE_PASSWORD;
+    private static final String KEYSTORE = "ssl/java_client_keystore.pkcs12";
+    private static final String CERT_ALIAS_APP_1 = TestSSLConstants.CERT_ALIAS_APP1;
+    private static final String CERT_ALIAS_APP_2 = TestSSLConstants.CERT_ALIAS_APP2;
+    private static final String TRUST_STORE = "ssl/java_broker_truststore.pkcs12";
+    private static final String TRUST_STORE_PASSWORD = TestSSLConstants.BROKER_TRUSTSTORE_PASSWORD;
+    private static final String CERT_ALIAS_UNTRUSTED_CLIENT = TestSSLConstants.CERT_ALIAS_UNTRUSTED_CLIENT;
+    private static final String UNTRUSTED_KEYSTORE = "ssl/java_client_untrusted_keystore.pkcs12";
 
     // retrieves the client certificate's chain from store and returns it as an array
     private X509Certificate[] getClientChain(final String storePath, final String alias) throws Exception
     {
-        final KeyStore ks = SSLUtil.getInitializedKeyStore(storePath, TestSSLConstants.KEYSTORE_PASSWORD, STORE_TYPE);
+        final KeyStore ks = SSLUtil.getInitializedKeyStore(storePath, KEYSTORE_PASSWORD, STORE_TYPE);
         final Certificate[] chain = ks.getCertificateChain(alias);
         return Arrays.copyOf(chain, chain.length, X509Certificate[].class);
     }
@@ -56,7 +66,7 @@ public class TrustManagerTest extends QpidTestCase
         while (aliases.hasMoreElements())
         {
             final String alias = aliases.nextElement();
-            if (!alias.equalsIgnoreCase(TestSSLConstants.CERT_ALIAS_APP1))
+            if (!alias.equalsIgnoreCase(CERT_ALIAS_APP_1))
             {
                 fail("Broker's peer store contains other certificate than client's  app1 public key");
             }
@@ -70,7 +80,7 @@ public class TrustManagerTest extends QpidTestCase
     public void testQpidPeersOnlyTrustManager() throws Exception
     {
         // first let's check that peer manager loaded with the PEERstore succeeds
-        final KeyStore ps = SSLUtil.getInitializedKeyStore(TestSSLConstants.BROKER_PEERSTORE, TestSSLConstants.BROKER_PEERSTORE_PASSWORD, STORE_TYPE);
+        final KeyStore ps = SSLUtil.getInitializedKeyStore(PEER_STORE, PEER_STORE_PASSWORD, STORE_TYPE);
         this.noCAinPeerStore(ps);
         final TrustManagerFactory pmf = TrustManagerFactory.getInstance(DEFAULT_TRUST_MANAGER_ALGORITHM);
         pmf.init(ps);
@@ -90,7 +100,7 @@ public class TrustManagerTest extends QpidTestCase
         try
         {
             // since broker's peerstore contains the client's app1 certificate, the check should succeed
-            peerManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE, TestSSLConstants.CERT_ALIAS_APP1), "RSA");
+            peerManager.checkClientTrusted(this.getClientChain(KEYSTORE, CERT_ALIAS_APP_1), "RSA");
         }
         catch (CertificateException e)
         {
@@ -100,7 +110,7 @@ public class TrustManagerTest extends QpidTestCase
         try
         {
             // since broker's peerstore does not contain the client's app2 certificate, the check should fail
-            peerManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE, TestSSLConstants.CERT_ALIAS_APP2), "RSA");
+            peerManager.checkClientTrusted(this.getClientChain(KEYSTORE, CERT_ALIAS_APP_2), "RSA");
             fail("Untrusted client's validation against the broker's peer store manager succeeded.");
         }
         catch (CertificateException e)
@@ -111,7 +121,7 @@ public class TrustManagerTest extends QpidTestCase
         // now let's check that peer manager loaded with the brokers TRUSTstore fails because
         // it does not have the clients certificate in it (though it does have a CA-cert that
         // would otherwise trust the client cert when using the regular trust manager).
-        final KeyStore ts = SSLUtil.getInitializedKeyStore(TestSSLConstants.BROKER_TRUSTSTORE, TestSSLConstants.BROKER_TRUSTSTORE_PASSWORD, STORE_TYPE);
+        final KeyStore ts = SSLUtil.getInitializedKeyStore(TRUST_STORE, TRUST_STORE_PASSWORD, STORE_TYPE);
         final TrustManagerFactory tmf = TrustManagerFactory.getInstance(DEFAULT_TRUST_MANAGER_ALGORITHM);
         tmf.init(ts);
         final TrustManager[] delegateTrustManagers = tmf.getTrustManagers();
@@ -131,7 +141,7 @@ public class TrustManagerTest extends QpidTestCase
         {
             // since broker's truststore doesn't contain the client's app1 certificate, the check should fail
             // despite the fact that the truststore does have a CA that would otherwise trust the cert
-            peerManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE, TestSSLConstants.CERT_ALIAS_APP1), "RSA");
+            peerManager.checkClientTrusted(this.getClientChain(KEYSTORE, CERT_ALIAS_APP_1), "RSA");
             fail("Client's validation against the broker's peer store manager didn't fail.");
         }
         catch (CertificateException e)
@@ -143,7 +153,7 @@ public class TrustManagerTest extends QpidTestCase
         {
             // since broker's truststore doesn't contain the client's app2 certificate, the check should fail
             // despite the fact that the truststore does have a CA that would otherwise trust the cert
-            peerManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE, TestSSLConstants.CERT_ALIAS_APP2), "RSA");
+            peerManager.checkClientTrusted(this.getClientChain(KEYSTORE, CERT_ALIAS_APP_2), "RSA");
             fail("Client's validation against the broker's peer store manager didn't fail.");
         }
         catch (CertificateException e)
@@ -159,7 +169,7 @@ public class TrustManagerTest extends QpidTestCase
     public void testQpidMultipleTrustManagerWithRegularTrustStore() throws Exception
     {
         final QpidMultipleTrustManager mulTrustManager = new QpidMultipleTrustManager();
-        final KeyStore ts = SSLUtil.getInitializedKeyStore(TestSSLConstants.BROKER_TRUSTSTORE, TestSSLConstants.BROKER_TRUSTSTORE_PASSWORD, STORE_TYPE);
+        final KeyStore ts = SSLUtil.getInitializedKeyStore(TRUST_STORE, TRUST_STORE_PASSWORD, STORE_TYPE);
         final TrustManagerFactory tmf = TrustManagerFactory.getInstance(DEFAULT_TRUST_MANAGER_ALGORITHM);
         tmf.init(ts);
         final TrustManager[] delegateTrustManagers = tmf.getTrustManagers();
@@ -178,8 +188,7 @@ public class TrustManagerTest extends QpidTestCase
         try
         {
             // verify the CA-trusted app1 cert (should succeed)
-            mulTrustManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE,
-                                                                   TestSSLConstants.CERT_ALIAS_APP1), "RSA");
+            mulTrustManager.checkClientTrusted(this.getClientChain(KEYSTORE, CERT_ALIAS_APP_1), "RSA");
         }
         catch (CertificateException ex)
         {
@@ -189,8 +198,7 @@ public class TrustManagerTest extends QpidTestCase
         try
         {
             // verify the CA-trusted app2 cert (should succeed)
-            mulTrustManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE,
-                                                                   TestSSLConstants.CERT_ALIAS_APP2), "RSA");
+            mulTrustManager.checkClientTrusted(this.getClientChain(KEYSTORE, CERT_ALIAS_APP_2), "RSA");
         }
         catch (CertificateException ex)
         {
@@ -200,8 +208,8 @@ public class TrustManagerTest extends QpidTestCase
         try
         {
             // verify the untrusted cert (should fail)
-            mulTrustManager.checkClientTrusted(this.getClientChain(TestSSLConstants.UNTRUSTED_KEYSTORE,
-                                                                   TestSSLConstants.CERT_ALIAS_UNTRUSTED_CLIENT), "RSA");
+            mulTrustManager.checkClientTrusted(this.getClientChain(UNTRUSTED_KEYSTORE,
+                                                                   CERT_ALIAS_UNTRUSTED_CLIENT), "RSA");
             fail("Untrusted client's validation against the broker's multi store manager unexpectedly passed.");
         }
         catch (CertificateException ex)
@@ -217,7 +225,7 @@ public class TrustManagerTest extends QpidTestCase
     public void testQpidMultipleTrustManagerWithPeerStore() throws Exception
     {
         final QpidMultipleTrustManager mulTrustManager = new QpidMultipleTrustManager();
-        final KeyStore ps = SSLUtil.getInitializedKeyStore(TestSSLConstants.BROKER_PEERSTORE, TestSSLConstants.BROKER_PEERSTORE_PASSWORD, STORE_TYPE);
+        final KeyStore ps = SSLUtil.getInitializedKeyStore(PEER_STORE, PEER_STORE_PASSWORD, STORE_TYPE);
         final TrustManagerFactory pmf = TrustManagerFactory.getInstance(DEFAULT_TRUST_MANAGER_ALGORITHM);
         pmf.init(ps);
         final TrustManager[] delegatePeerManagers = pmf.getTrustManagers();
@@ -236,8 +244,8 @@ public class TrustManagerTest extends QpidTestCase
         try
         {
             // verify the trusted app1 cert (should succeed as the key is in the peerstore)
-            mulTrustManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE,
-                                                                   TestSSLConstants.CERT_ALIAS_APP1), "RSA");
+            mulTrustManager.checkClientTrusted(this.getClientChain(KEYSTORE,
+                                                                   CERT_ALIAS_APP_1), "RSA");
         }
         catch (CertificateException ex)
         {
@@ -247,8 +255,8 @@ public class TrustManagerTest extends QpidTestCase
         try
         {
             // verify the untrusted app2 cert (should fail as the key is not in the peerstore)
-            mulTrustManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE,
-                                                                   TestSSLConstants.CERT_ALIAS_APP2), "RSA");
+            mulTrustManager.checkClientTrusted(this.getClientChain(KEYSTORE,
+                                                                   CERT_ALIAS_APP_2), "RSA");
             fail("Untrusted client's validation against the broker's multi store manager unexpectedly passed.");
         }
         catch (CertificateException ex)
@@ -259,8 +267,8 @@ public class TrustManagerTest extends QpidTestCase
         try
         {
             // verify the untrusted cert (should fail as the key is not in the peerstore)
-            mulTrustManager.checkClientTrusted(this.getClientChain(TestSSLConstants.UNTRUSTED_KEYSTORE,
-                                                                   TestSSLConstants.CERT_ALIAS_UNTRUSTED_CLIENT), "RSA");
+            mulTrustManager.checkClientTrusted(this.getClientChain(UNTRUSTED_KEYSTORE,
+                                                                   CERT_ALIAS_UNTRUSTED_CLIENT), "RSA");
             fail("Untrusted client's validation against the broker's multi store manager unexpectedly passed.");
         }
         catch (CertificateException ex)
@@ -277,7 +285,7 @@ public class TrustManagerTest extends QpidTestCase
     public void testQpidMultipleTrustManagerWithTrustAndPeerStores() throws Exception
     {
         final QpidMultipleTrustManager mulTrustManager = new QpidMultipleTrustManager();
-        final KeyStore ts = SSLUtil.getInitializedKeyStore(TestSSLConstants.BROKER_TRUSTSTORE, TestSSLConstants.BROKER_TRUSTSTORE_PASSWORD, STORE_TYPE);
+        final KeyStore ts = SSLUtil.getInitializedKeyStore(TRUST_STORE, TRUST_STORE_PASSWORD, STORE_TYPE);
         final TrustManagerFactory tmf = TrustManagerFactory.getInstance(DEFAULT_TRUST_MANAGER_ALGORITHM);
         tmf.init(ts);
         final TrustManager[] delegateTrustManagers = tmf.getTrustManagers();
@@ -293,7 +301,7 @@ public class TrustManagerTest extends QpidTestCase
         }
         assertTrue("The regular trust manager for the trust store was not added", trustManagerAdded);
 
-        final KeyStore ps = SSLUtil.getInitializedKeyStore(TestSSLConstants.BROKER_PEERSTORE, TestSSLConstants.BROKER_PEERSTORE_PASSWORD, STORE_TYPE);
+        final KeyStore ps = SSLUtil.getInitializedKeyStore(PEER_STORE, PEER_STORE_PASSWORD, STORE_TYPE);
         final TrustManagerFactory pmf = TrustManagerFactory.getInstance(DEFAULT_TRUST_MANAGER_ALGORITHM);
         pmf.init(ps);
         final TrustManager[] delegatePeerManagers = pmf.getTrustManagers();
@@ -312,8 +320,8 @@ public class TrustManagerTest extends QpidTestCase
         try
         {
             // verify the CA-trusted app1 cert (should succeed)
-            mulTrustManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE,
-                                                                   TestSSLConstants.CERT_ALIAS_APP1), "RSA");
+            mulTrustManager.checkClientTrusted(this.getClientChain(KEYSTORE,
+                                                                   CERT_ALIAS_APP_1), "RSA");
         }
         catch (CertificateException ex)
         {
@@ -323,8 +331,8 @@ public class TrustManagerTest extends QpidTestCase
         try
         {
             // verify the CA-trusted app2 cert (should succeed)
-            mulTrustManager.checkClientTrusted(this.getClientChain(TestSSLConstants.KEYSTORE,
-                                                                   TestSSLConstants.CERT_ALIAS_APP2), "RSA");
+            mulTrustManager.checkClientTrusted(this.getClientChain(KEYSTORE,
+                                                                   CERT_ALIAS_APP_2), "RSA");
         }
         catch (CertificateException ex)
         {
@@ -334,8 +342,8 @@ public class TrustManagerTest extends QpidTestCase
         try
         {
             // verify the untrusted cert (should fail)
-            mulTrustManager.checkClientTrusted(this.getClientChain(TestSSLConstants.UNTRUSTED_KEYSTORE,
-                                                                   TestSSLConstants.CERT_ALIAS_UNTRUSTED_CLIENT), "RSA");
+            mulTrustManager.checkClientTrusted(this.getClientChain(UNTRUSTED_KEYSTORE,
+                                                                   CERT_ALIAS_UNTRUSTED_CLIENT), "RSA");
             fail("Untrusted client's validation against the broker's multi store manager unexpectedly passed.");
         }
         catch (CertificateException ex)
diff --git a/broker-core/src/test/resources/ssl/expired.crt b/broker-core/src/test/resources/ssl/expired.crt
new file mode 100644
index 0000000..933330a
--- /dev/null
+++ b/broker-core/src/test/resources/ssl/expired.crt
@@ -0,0 +1,17 @@
+-----BEGIN CERTIFICATE-----
+MIICvzCCAaegAwIBAgIEAjtn8zANBgkqhkiG9w0BAQ0FADAQMQ4wDAYDVQQDEwVV
+U0VSMTAeFw0xMDAxMDEyMjQ0MjVaFw0xMDAxMDIyMjQ0MjVaMBAxDjAMBgNVBAMT
+BVVTRVIxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAj2wa5um63bXJ
+j7jv3pfhDgkvwE9hfM/DLv1rmkq2Psepefb40VJng61WiTeLNWdXrAJ+ui5iHTCn
+8n+iqaucaPv4mOwH3j57CCLRvFrFSp/cUx2oZ3Zx1DfaSgfIc5F8AJQvYrtCxa6m
+eYCoUJ3BZqARiKc6fk/RtACB1YI9mCDYOgnntNhEwMkRTuPqholyaL1fmw51EDGH
+iGCQwsxj+YMLkuK2aQAs498NcA6fzui0Ey3MJ6LmLYbOSKqZ1cBzC4YfSGH921Ic
+4YDgsvQ1io1zN4AJFHj8ld5rlDCTElgUFmkm2wCLvQAQ9+5MB4fDVLFldpHHBgX2
+0097qFSAEwIDAQABoyEwHzAdBgNVHQ4EFgQUZ30jJvIgSSRkltqIKv7UgEYnlvUw
+DQYJKoZIhvcNAQENBQADggEBABYZ+ZwbRnJvfjnFq9c+GV5/7FJOTlO0SVAVZrYJ
+HzquTr3mFDkhOc6aDlaNGiFAJcs6Udj3MvV7J+Uuai9oJDmVCt94HZL3k09G+z1b
+A3BorBKWDYm2L9CKpjUgD0VY40Tc2yNVyrzCbdjVnBkrLKiAirSrb5NJK2lnJg4Y
+TB7TiAnSydfRWUyUo8/wEMgIo4o0vuB7AnBQFhCd0XRmxBNoBZ19f+R041I6CQ0L
+9jc172XWHL1o111/RS7M8qLcWxi11DN62p6IKNT32DnhVV0RFnfVTQDaQ9qsPFmg
+Dngy+2weYwc6hEKhnunGrv0LNoqp6lQbOZO4c4v0/ynBHf4=
+-----END CERTIFICATE-----
diff --git a/broker-core/src/test/resources/ssl/java_broker.crt b/broker-core/src/test/resources/ssl/java_broker.crt
new file mode 100644
index 0000000..4e5c086
--- /dev/null
+++ b/broker-core/src/test/resources/ssl/java_broker.crt
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----
+MIIDbzCCAlegAwIBAgIFALBcS4MwDQYJKoZIhvcNAQELBQAwQTELMAkGA1UEBhMC
+Q0ExEDAOBgNVBAgTB09udGFyaW8xDTALBgNVBAoTBEFDTUUxETAPBgNVBAMTCE15
+Um9vdENBMB4XDTE5MDIyNzE2MDY0M1oXDTI0MDIyNzE2MDY0M1owbjEQMA4GA1UE
+BhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEQ
+MA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjESMBAGA1UEAxMJbG9j
+YWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1zWGLqSHqno
+In5HjqSLSNQb5TV7qTeoKeVGJdfP13oXMllzy4JTCiXBen3l3YhpSxqGYccyEYee
+UlMSWH1snv9kW5sh+fF8HjJrabQco+vkUqUirvotaBQP71X1V+05AFxFhWfgdINw
+Kzu6az5i2S6DWJ0Xkseuolo3cM/J+M245NJj3as0dX2bOu0qbqk4izDqqV1uiyUP
+Udn0jICC52ZLd2v9lBbUQD/ZvwMYWIiBw9pfPxvIw2OsqsKeh+I7RUoGBxDUdDvj
+lbNeJV7AmeoszI/3bHkncdCiObFMXdXmUVwcRJYDAq5eBhgK59WcwKPIqlOLismQ
+wjN4ZxxvqQIDAQABo0EwPzAdBgNVHQ4EFgQU8NpCddyhoagntgXuH6eMGKnNxJsw
+CQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOC
+AQEAjFSD0UPN7ZqMKA0Sk2oailI+AU11VEmwIw18sXSEFMWSH8uAgkyTOvNQv4Nu
+WHgNOx20r18bYVrTqTznRa9oM7xemtR2pKqJYUQKqvk9vcF8mY7ibK1AH1vlm/gh
+7EfEmobfwHutXyTbUppgqf4QLn9AYLokD/w0la1mxDQ5Qc5FefgxLGaN2DZALFOc
+8lcpA9E2hTau2znxMlqqrG73E6R2XoE7BVMHVemVAAvusBuuP9OW/iC/KTPDFNoy
+NnDViQfIh03aBH2N5XCcnsdsxDULh6pjdZWf9FB+8OBDKyajNdFZku7AFLkt+QIa
+FVo105jdjqfMxt8FRNuQ05vYEQ==
+-----END CERTIFICATE-----
diff --git a/broker-core/src/test/resources/ssl/java_broker.req b/broker-core/src/test/resources/ssl/java_broker.req
new file mode 100644
index 0000000..c618dd3
--- /dev/null
+++ b/broker-core/src/test/resources/ssl/java_broker.req
@@ -0,0 +1,18 @@
+-----BEGIN NEW CERTIFICATE REQUEST-----
+MIIC4zCCAcsCAQAwbjEQMA4GA1UEBhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93
+bjEQMA4GA1UEBxMHVW5rbm93bjEQMA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMH
+VW5rbm93bjESMBAGA1UEAxMJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAq1zWGLqSHqnoIn5HjqSLSNQb5TV7qTeoKeVGJdfP13oXMllz
+y4JTCiXBen3l3YhpSxqGYccyEYeeUlMSWH1snv9kW5sh+fF8HjJrabQco+vkUqUi
+rvotaBQP71X1V+05AFxFhWfgdINwKzu6az5i2S6DWJ0Xkseuolo3cM/J+M245NJj
+3as0dX2bOu0qbqk4izDqqV1uiyUPUdn0jICC52ZLd2v9lBbUQD/ZvwMYWIiBw9pf
+PxvIw2OsqsKeh+I7RUoGBxDUdDvjlbNeJV7AmeoszI/3bHkncdCiObFMXdXmUVwc
+RJYDAq5eBhgK59WcwKPIqlOLismQwjN4ZxxvqQIDAQABoDAwLgYJKoZIhvcNAQkO
+MSEwHzAdBgNVHQ4EFgQU8NpCddyhoagntgXuH6eMGKnNxJswDQYJKoZIhvcNAQEN
+BQADggEBAHsfAScjTeIM+Mkmq7z29wl0+NdWyoDKt0PjG0/WffExGXG1FD6JrbP7
+UEeBY60WdypO9/Nx7I/sw/UOsOH297NuCMkFDitAk5/5XDVSYpywBi85XK72ODmv
+hWYn2MGP9YnfL3qOd75kpNgVBKt9+IVFFNgdUMfzDQpTQgmzdaRepM4HUuxJnNGN
+jcjA6b7rT0XQu7EJqM/Q1beJTVmwtv/3ZsBduJfksr2+fyC7wd344Equ8kfhZtd9
+YocJYdlZ//0RjWMv10hXNMD2Y+Nk4ldoFOXwv93JMcBn4Uy0TeZ9O/eI/jETT5TL
+FZUUWdHvGqN2/9L4EZ0rAyH87HpHV7I=
+-----END NEW CERTIFICATE REQUEST-----
diff --git a/broker-core/src/test/resources/ssl/java_broker_expired_truststore.pkcs12 b/broker-core/src/test/resources/ssl/java_broker_expired_truststore.pkcs12
new file mode 100644
index 0000000..9bfe301
Binary files /dev/null and b/broker-core/src/test/resources/ssl/java_broker_expired_truststore.pkcs12 differ
diff --git a/broker-core/src/test/resources/ssl/java_broker_keystore.pkcs12 b/broker-core/src/test/resources/ssl/java_broker_keystore.pkcs12
new file mode 100644
index 0000000..b45991f
Binary files /dev/null and b/broker-core/src/test/resources/ssl/java_broker_keystore.pkcs12 differ
diff --git a/broker-core/src/test/resources/ssl/java_broker_peerstore.pkcs12 b/broker-core/src/test/resources/ssl/java_broker_peerstore.pkcs12
new file mode 100644
index 0000000..a5b307f
Binary files /dev/null and b/broker-core/src/test/resources/ssl/java_broker_peerstore.pkcs12 differ
diff --git a/broker-core/src/test/resources/ssl/java_broker_truststore.pkcs12 b/broker-core/src/test/resources/ssl/java_broker_truststore.pkcs12
new file mode 100644
index 0000000..4184adf
Binary files /dev/null and b/broker-core/src/test/resources/ssl/java_broker_truststore.pkcs12 differ
diff --git a/broker-core/src/test/resources/ssl/java_client_expired_keystore.pkcs12 b/broker-core/src/test/resources/ssl/java_client_expired_keystore.pkcs12
new file mode 100644
index 0000000..cb9b876
Binary files /dev/null and b/broker-core/src/test/resources/ssl/java_client_expired_keystore.pkcs12 differ
diff --git a/broker-core/src/test/resources/ssl/java_client_keystore.pkcs12 b/broker-core/src/test/resources/ssl/java_client_keystore.pkcs12
new file mode 100644
index 0000000..9422d9a
Binary files /dev/null and b/broker-core/src/test/resources/ssl/java_client_keystore.pkcs12 differ
diff --git a/broker-core/src/test/resources/ssl/java_client_truststore.pkcs12 b/broker-core/src/test/resources/ssl/java_client_truststore.pkcs12
new file mode 100644
index 0000000..1b45a23
Binary files /dev/null and b/broker-core/src/test/resources/ssl/java_client_truststore.pkcs12 differ
diff --git a/broker-core/src/test/resources/ssl/java_client_untrusted_keystore.pkcs12 b/broker-core/src/test/resources/ssl/java_client_untrusted_keystore.pkcs12
new file mode 100644
index 0000000..8b0b023
Binary files /dev/null and b/broker-core/src/test/resources/ssl/java_client_untrusted_keystore.pkcs12 differ
diff --git a/broker-core/src/test/resources/ssl/test_keystore.jks b/broker-core/src/test/resources/ssl/test_keystore.jks
index 941fc7e..afa9d02 100644
Binary files a/broker-core/src/test/resources/ssl/test_keystore.jks and b/broker-core/src/test/resources/ssl/test_keystore.jks differ
diff --git a/systests/qpid-systests-http-management/src/main/resources/java_broker_keystore.jks b/systests/qpid-systests-http-management/src/main/resources/java_broker_keystore.jks
new file mode 100644
index 0000000..b45991f
Binary files /dev/null and b/systests/qpid-systests-http-management/src/main/resources/java_broker_keystore.jks differ
diff --git a/test-profiles/test_resources/ssl/CA_db/cert8.db b/test-profiles/test_resources/ssl/CA_db/cert8.db
deleted file mode 100644
index a3f6c20..0000000
Binary files a/test-profiles/test_resources/ssl/CA_db/cert8.db and /dev/null differ
diff --git a/test-profiles/test_resources/ssl/CA_db/cert9.db b/test-profiles/test_resources/ssl/CA_db/cert9.db
new file mode 100644
index 0000000..2bed63c
Binary files /dev/null and b/test-profiles/test_resources/ssl/CA_db/cert9.db differ
diff --git a/test-profiles/test_resources/ssl/CA_db/key3.db b/test-profiles/test_resources/ssl/CA_db/key3.db
deleted file mode 100644
index ccde375..0000000
Binary files a/test-profiles/test_resources/ssl/CA_db/key3.db and /dev/null differ
diff --git a/test-profiles/test_resources/ssl/CA_db/key4.db b/test-profiles/test_resources/ssl/CA_db/key4.db
new file mode 100644
index 0000000..4562b1a
Binary files /dev/null and b/test-profiles/test_resources/ssl/CA_db/key4.db differ
diff --git a/test-profiles/test_resources/ssl/CA_db/pkcs11.txt b/test-profiles/test_resources/ssl/CA_db/pkcs11.txt
new file mode 100644
index 0000000..beb8e0f
--- /dev/null
+++ b/test-profiles/test_resources/ssl/CA_db/pkcs11.txt
@@ -0,0 +1,5 @@
+library=
+name=NSS Internal PKCS #11 Module
+parameters=configdir='CA_db' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' 
+NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[ECC,RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})
+
diff --git a/test-profiles/test_resources/ssl/CA_db/rootca.crt b/test-profiles/test_resources/ssl/CA_db/rootca.crt
index eeced5a..b9356b6 100644
--- a/test-profiles/test_resources/ssl/CA_db/rootca.crt
+++ b/test-profiles/test_resources/ssl/CA_db/rootca.crt
@@ -1,13 +1,19 @@
 -----BEGIN CERTIFICATE-----
-MIICDDCCAXWgAwIBAgIFAKI1edswDQYJKoZIhvcNAQEFBQAwQTELMAkGA1UEBhMC
+MIIDETCCAfmgAwIBAgIFALBcSiAwDQYJKoZIhvcNAQENBQAwQTELMAkGA1UEBhMC
 Q0ExEDAOBgNVBAgTB09udGFyaW8xDTALBgNVBAoTBEFDTUUxETAPBgNVBAMTCE15
-Um9vdENBMB4XDTE1MDMxOTIyMzUyOVoXDTIwMDMxOTIyMzUyOVowQTELMAkGA1UE
+Um9vdENBMB4XDTE5MDIyNzE2MDM1OVoXDTI0MDIyNzE2MDM1OVowQTELMAkGA1UE
 BhMCQ0ExEDAOBgNVBAgTB09udGFyaW8xDTALBgNVBAoTBEFDTUUxETAPBgNVBAMT
-CE15Um9vdENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDjbsB++rgz0Kl9
-4VLr/03Tgab+xxf1krNdxriCMf7dd2cOQbHt3ytDeLroR/TH2Jqkv6MuXRlYHByw
-Oa3tqqX9pfCJDMnLiUZ97coeaZdtlLaHsVdp0KUiRPT+aUxbGW4n7r9o/5ahCoDV
-gxWsU0JXlHMI8eRh/smNVWf2AgQKBwIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0G
-CSqGSIb3DQEBBQUAA4GBAKfUcPQHf8Qs5UdLWyOSlnAB3fVjFjZHgBXdGAsZNFMY
-/Grjl1lGc7KJSvm6ICMD1Dq4rHrw1i4KwaeyuCfMgZ5RpsNXNoVVtCms4vD/FbSw
-Vde4OfEDiHcOy5Pd/ovnwPd6znHlYIXWZ3SEBs4MKzWW8BnwOEO+FAog0rAOE9N+
+CE15Um9vdENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx7wfxIsA
+yM7HhpEfHy0rEBrhfwCTf/dO/x6DFKjYfxKuhbFcHuBWHhq60mn04Wfo0kwCSZSE
+sabJvba5iHAztzHUeLBTyg9fy57tlNs0sQMqXCD3bwa1HBGgMt5A05zSmi9ZklwH
+xrfB8nbSePD/V1tmwjXvWYx/G2xnRHZbs8dS000DteI2yq8O1i/NJst8KrifxgE2
+RzfNqSLxrmEzZAe5lt2eGIxr+UatR/AKXFixfKEK523Rq9CnJ7Fdgzt0WebbhUwg
+4A0AIJk4h6WKTB+RwdWT9Dgzc+qSkjHco9vqToF92QfQOygPjDSjWKHwPyTskuYf
+W9EohouHZWjsXQIDAQABoxAwDjAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBDQUA
+A4IBAQCYi9vsfbIRihVyVQ8R1xBD+v7HZ31Se4v3ODQ9xD4DBE4qcE4kYTmFdRoD
+5WIm9O2w20Iz4icVr1iyOlund9psL3CSklPVUqGIGQXfzxfI9Dgi+NicIWDFhHra
+hfeYl2Tg4lkkodTewVMdiigh7MBdWnr3j/xEIWxcvD3x5ymXPV6PU9mzn8r/tcNC
+A+07I0eCqcAYHDTEQxumiTBObymnnABYr0lDa+baWrW2YuLx+I5I+rHFEnuy9vDn
+rN0kZuG32V5cIAavDZWkUrxR87TsJ0gxv/cbFU+J2x4Z6X8ryI2HhLujxqXmTzSH
+5Bq18bki5O4kqJFY4CA/N+035Yta
 -----END CERTIFICATE-----
diff --git a/test-profiles/test_resources/ssl/CA_db/secmod.db b/test-profiles/test_resources/ssl/CA_db/secmod.db
deleted file mode 100644
index 0c0a006..0000000
Binary files a/test-profiles/test_resources/ssl/CA_db/secmod.db and /dev/null differ
diff --git a/test-profiles/test_resources/ssl/app1.crt b/test-profiles/test_resources/ssl/app1.crt
index 5b32b12..edc890f 100644
--- a/test-profiles/test_resources/ssl/app1.crt
+++ b/test-profiles/test_resources/ssl/app1.crt
@@ -1,18 +1,21 @@
 -----BEGIN CERTIFICATE-----
-MIIC4TCCAkqgAwIBAgIFAKI1xIUwDQYJKoZIhvcNAQEFBQAwQTELMAkGA1UEBhMC
+MIIDYjCCAkqgAwIBAgIFALBcS8MwDQYJKoZIhvcNAQENBQAwQTELMAkGA1UEBhMC
 Q0ExEDAOBgNVBAgTB09udGFyaW8xDTALBgNVBAoTBEFDTUUxETAPBgNVBAMTCE15
-Um9vdENBMB4XDTE1MDMyMDAxMjE1MloXDTIwMDMyMDAxMjE1MlowYTELMAkGA1UE
+Um9vdENBMB4XDTE5MDIyNzE2MDcxNloXDTI0MDIyNzE2MDcxNlowYTELMAkGA1UE
 BhMCQ0ExCzAJBgNVBAgTAk9OMRAwDgYDVQQHEwdUb3JvbnRvMQ0wCwYDVQQKEwRh
 Y21lMQwwCgYDVQQLEwNhcnQxFjAUBgNVBAMMDWFwcDFAYWNtZS5vcmcwggEiMA0G
-CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCL3+MH/VknnAI+ldWywF4khA8oGjGd
-w6z5zPWZ83ucPdjIFUNRN4N38Fd62gs0BCwrZcRZiHbynWFZBsweUj7ODyYFPFtq
-xaYO/Ovt4xGsNspcpcSNVPhcH/34hfqpUmsUrM1tFf/1vgOV4BfU05mkNCeZxvmg
-TuyAXPbunwu4poPaWOy0JBTSsS8LPGgofE8k0yzg9+91Ixw6ulQLV/TEuhgbJ7sL
-iA70GTHLs3vwnlsvU0xLUb+U3OAxbHpCrbnmwmGg9BrjJvJGfL9UydpjiIl25uMA
-PTkI+gapLAf2lkiyk+dpIz99LXvAUqKnli6KGNVLhmJb1KNelBlqlJcDAgMBAAGj
-QTA/MB0GA1UdDgQWBBRm2ix2JDQ9VG0wsZctPa/PnJdxhDAJBgNVHRMEAjAAMBMG
-A1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4GBABr7BxsqDpHy2tOo
-F39pthuSpHBh37fxtSCJKMigMFjRUCpLYosMefixVYGT8IAhJ+KSzAg48SKmD0b5
-9R4NZXP16Mbs6U9Air8CSANsfpcG4nJu+QiTIu6RAQOwt+dlYfRe/OkNpunzJBzb
-eAEMdf1CrEFtQi/hniiLffjyk7ln
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXNdGrF7GBnVVvkrwzu9xo7scIEUll
+82cRZ2yQ+Ua4dkg+mmrVwZjSN/fkUNsrecruhfx4jcmaEXwdixuDpCnw1fZ1xfC7
+AO2FdZrGtdFeaBfVyZ6g2hihcWK2FPlJRhvG2Fm6FlZAwQyhfagnA4VBxthFlhGw
+D7su+rp3bVGHXh0RYtc6eCE5FK9/tnGQgLVBVnENmdCg4Xd3WtnPV/boWSUR6Obk
+M7CfDOkFDz4DrJmUEaMMzGScustNsZuU/qZ2ei1eaY0GMnRquW4hyYYw8JXVO3Ji
+JtchVlUo7SL2gDuGmpk+/yceitJWn2e482lgURuVRFSwSgSqEkZrjCSpAgMBAAGj
+QTA/MB0GA1UdDgQWBBTDC6GBKI/QRwIZlVC8SJN6V/6OxDAJBgNVHRMEAjAAMBMG
+A1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEBDQUAA4IBAQBjNo/6CYFVU21q
+TWW88eG1J/I6e+vv9hjNWuxtsOuWUzoepNFAa7gY1C5jMHMe1hXl9hK4mHm/D1o2
+5i3FERDyLz5x6a0oQP6T8F+BLfg8YGfbrcCuZPInPKgw5bc2xRVJc8zaZM5EBw1+
+U80+o5Er2XU/MSfJ6vfsNjZ7aGOo/ssQwBarKGHUwQTazgwRy+kVh9aZf+Vadbnx
+u3mtV6md9EMLfRzOKfTrdlHrS1CgUTKn+LmwSsBNomxXJcW0gpWIx4hoCd07vJCj
+WAvAeHdzAVSiAKkJ42ikOd7g5pXUFkpcNlIyfLpJGwTZYNSCx0eXuSUt3cLA+7V/
+2wXQNMED
 -----END CERTIFICATE-----
diff --git a/test-profiles/test_resources/ssl/app1.req b/test-profiles/test_resources/ssl/app1.req
index 318715d..f1f90e0 100644
--- a/test-profiles/test_resources/ssl/app1.req
+++ b/test-profiles/test_resources/ssl/app1.req
@@ -1,15 +1,18 @@
 -----BEGIN NEW CERTIFICATE REQUEST-----
-MIIC1jCCAb4CAQAwYTELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAk9OMRAwDgYDVQQHEwdUb3JvbnRv
-MQ0wCwYDVQQKEwRhY21lMQwwCgYDVQQLEwNhcnQxFjAUBgNVBAMMDWFwcDFAYWNtZS5vcmcwggEi
-MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCL3+MH/VknnAI+ldWywF4khA8oGjGdw6z5zPWZ
-83ucPdjIFUNRN4N38Fd62gs0BCwrZcRZiHbynWFZBsweUj7ODyYFPFtqxaYO/Ovt4xGsNspcpcSN
-VPhcH/34hfqpUmsUrM1tFf/1vgOV4BfU05mkNCeZxvmgTuyAXPbunwu4poPaWOy0JBTSsS8LPGgo
-fE8k0yzg9+91Ixw6ulQLV/TEuhgbJ7sLiA70GTHLs3vwnlsvU0xLUb+U3OAxbHpCrbnmwmGg9Brj
-JvJGfL9UydpjiIl25uMAPTkI+gapLAf2lkiyk+dpIz99LXvAUqKnli6KGNVLhmJb1KNelBlqlJcD
-AgMBAAGgMDAuBgkqhkiG9w0BCQ4xITAfMB0GA1UdDgQWBBRm2ix2JDQ9VG0wsZctPa/PnJdxhDAN
-BgkqhkiG9w0BAQUFAAOCAQEAMlm/PeNAirN/c6KWkVNYBYk1RosQ0TVoRLnrKON/HHcHSlA6YCAD
-LLc2S8fTEjxKoOU3G1pL3s6nD1GKETF/k9Wm9VAK2lg9daG35p5RaEFwLc3r9PVMLNYcnOSXV4tj
-9S7L2FH2mxinj9vs7VYe6ZmI2vp2ts0P5/k4dX/vAQAkS8y6A+gxVzUeeDFT2+WQtmRG/mPfU9Ic
-9w965Po0Dd7cQPgwS7WQoVHovSjIvNXhm6aNki9uyWoDIE4cR2QcHRC6YBlxRiEq6uW87FBgrCH+
-ooLiZS/+p8TWCRro3HvsFRrrCTE+gFK8c3ouueIzmvu4+SKB0lPJOdnhoUsOaw==
+MIIC1jCCAb4CAQAwYTELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAk9OMRAwDgYDVQQH
+EwdUb3JvbnRvMQ0wCwYDVQQKEwRhY21lMQwwCgYDVQQLEwNhcnQxFjAUBgNVBAMM
+DWFwcDFAYWNtZS5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCX
+NdGrF7GBnVVvkrwzu9xo7scIEUll82cRZ2yQ+Ua4dkg+mmrVwZjSN/fkUNsrecru
+hfx4jcmaEXwdixuDpCnw1fZ1xfC7AO2FdZrGtdFeaBfVyZ6g2hihcWK2FPlJRhvG
+2Fm6FlZAwQyhfagnA4VBxthFlhGwD7su+rp3bVGHXh0RYtc6eCE5FK9/tnGQgLVB
+VnENmdCg4Xd3WtnPV/boWSUR6ObkM7CfDOkFDz4DrJmUEaMMzGScustNsZuU/qZ2
+ei1eaY0GMnRquW4hyYYw8JXVO3JiJtchVlUo7SL2gDuGmpk+/yceitJWn2e482lg
+URuVRFSwSgSqEkZrjCSpAgMBAAGgMDAuBgkqhkiG9w0BCQ4xITAfMB0GA1UdDgQW
+BBTDC6GBKI/QRwIZlVC8SJN6V/6OxDANBgkqhkiG9w0BAQ0FAAOCAQEAVQ6eZDo+
+aW/JjTsK1duwqkpxWcGWyNApOaEETnunCFUsTYcN3zId7107gNMlKSQrQOztYFNc
+OKjDOicKHSoYoh+qRxprB4CPrhdNMXrtjFUOCDA+eLvf7kHn9hcOzg8XkgDOFVOs
+x61krLsN5jo2pfqdiPj13ilas7lBy4/WjEnazg/g/ckWAbYp2Rec47UnAGi5LB9h
+cgO/+vZUpmCCfHCURBC1qwk9UdbXlaDZcbITszvR86PZ6ztkDO9dxbDDvCHydvcD
+jaEHdvpSlC2WiWc4R/Tjq+xYQkRayPHYzHF1w3YYEbpuQOZwiuzYlQrZnOyH+oVC
+/0qy57VDVqP/HA==
 -----END NEW CERTIFICATE REQUEST-----
diff --git a/test-profiles/test_resources/ssl/app2.crt b/test-profiles/test_resources/ssl/app2.crt
index a8fe410..5693e43 100644
--- a/test-profiles/test_resources/ssl/app2.crt
+++ b/test-profiles/test_resources/ssl/app2.crt
@@ -1,18 +1,21 @@
 -----BEGIN CERTIFICATE-----
-MIIC4TCCAkqgAwIBAgIFAKI1xCswDQYJKoZIhvcNAQEFBQAwQTELMAkGA1UEBhMC
+MIIDZTCCAk2gAwIBAgIFALBcS6owDQYJKoZIhvcNAQENBQAwQTELMAkGA1UEBhMC
 Q0ExEDAOBgNVBAgTB09udGFyaW8xDTALBgNVBAoTBEFDTUUxETAPBgNVBAMTCE15
-Um9vdENBMB4XDTE1MDMyMDAxMjEwNVoXDTIwMDMyMDAxMjEwNVowYTELMAkGA1UE
+Um9vdENBMB4XDTE5MDIyNzE2MDcwM1oXDTI0MDIyNzE2MDcwM1owYTELMAkGA1UE
 BhMCQ0ExCzAJBgNVBAgTAk9OMRAwDgYDVQQHEwdUb3JvbnRvMQ0wCwYDVQQKEwRh
 Y21lMQwwCgYDVQQLEwNhcnQxFjAUBgNVBAMMDWFwcDJAYWNtZS5vcmcwggEiMA0G
-CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCviLTH6Vl6gP3M6gmmm0sVlCcBFfo2
-czDTsr93D1cIQpnyY1r3znBdFT3cbXE2LtHeLpnlXc+dTo9/aoUuBCzRIpi4CeaG
-gD3ggIl9Ws5hUgfxJCWBg7nhzMUlBC2C+VgIUHWHqGPuaQ7VzXOEC7xF0mihMZ4b
-wvU6wxGK2uUoruXE/iti/+jtzxjq0PO7ZgJ7GUI2ZDqGMad5OnLur8jz+yKsVdet
-XlXsOyHmHi/47pRuA115pYiIaZKu1+vs6IBl4HnEUgw5JwIww6oyTDVvXc1kCw0Q
-CtUZMcNSH2XGhh/zGM/M2Bt2lgEEW0xWTwQcT1J7wnngfbIYbzoupEkRAgMBAAGj
-QTA/MB0GA1UdDgQWBBRI+VUMRkfNYp/xngM9y720hvxmXTAJBgNVHRMEAjAAMBMG
-A1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEBBQUAA4GBAJnedohhbqoY7O6o
-Am+hPScBCng/fl0erVjexL9W8l8g5NvIGgioUfjUDvGOnwB5LOoTnZUCRaLFhQFc
-GFMIjdHpg0qt/QkEFX/0m+849RK6muHT1CNlcXtCFXwPTJ+9h+1auTP+Yp/6ii9S
-U3W1dzYawy2p9IhkMZEpJaHCLnaC
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCXMCZtW+a6JxuA2fN45Ta/0ilUqfme
+r+aGG2yTtwdRkduUssBogCYq1Pxk+l4nDgNWjscgGhtxeY9nw3u+NaxFJxuQrKLu
+nnsdh+htzTUsq/iWKwcU6A4MX1aC++Ic6poTeunv6MHVdujehJOCph6zDEANjT2f
+gHHjxBMPO+fe0mEtsWwezp+xJJAOCAkMivoziQ0OopIqFSF/FhFZDK4bJFruAJJc
+0CZNBM7Ox2sNAK1cX8mxZhzWfUGQs2hfobri9J/GUlnXmN9nk6v5FybDjH6u9jcd
+9bY2f03PC9whclIzar5TiWLfg7MZHctUv2MZZWy1c7hfzktCvjW5Y7R7AgMBAAGj
+RDBCMB0GA1UdDgQWBBTzMIzbe9uahZhnVxRWUyelP3jc9TAMBgNVHRMBAf8EAjAA
+MBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEBDQUAA4IBAQAJMyC3QdIH
+ZwdUYKiwAl7W89CarMjCEH960fhHAcyliGYTtRj7aMEkWpFvR16yuRHfbiE4XZ71
+ClySvZxVl9DBcpSx69PBiRELd1wpRk5YP/1mxPtS85JlRCMVG92dizL0jSvugDcp
+pfTR9ifCK9skHrHMRvsmh7w4L2YX1IJXSORjzTHTOpqLM1vDERximf16C5ZPMhbJ
+F3jP8+k74/o3gDTttR/89M8bg5Xi/7VW4CWcBZTWnp43y8UlncbWRRwYMnJ7UAva
+7Dg0un/Nu4K/ggALmzsB3x4XBMvzIFf0orhRuFqS7BCqFg5ZavpMPHwDX7dFEjIC
+BsUjFnrzaxHI
 -----END CERTIFICATE-----
diff --git a/test-profiles/test_resources/ssl/app2.req b/test-profiles/test_resources/ssl/app2.req
index cfd67b5..61235b0 100644
--- a/test-profiles/test_resources/ssl/app2.req
+++ b/test-profiles/test_resources/ssl/app2.req
@@ -1,15 +1,18 @@
 -----BEGIN NEW CERTIFICATE REQUEST-----
-MIIC1jCCAb4CAQAwYTELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAk9OMRAwDgYDVQQHEwdUb3JvbnRv
-MQ0wCwYDVQQKEwRhY21lMQwwCgYDVQQLEwNhcnQxFjAUBgNVBAMMDWFwcDJAYWNtZS5vcmcwggEi
-MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCviLTH6Vl6gP3M6gmmm0sVlCcBFfo2czDTsr93
-D1cIQpnyY1r3znBdFT3cbXE2LtHeLpnlXc+dTo9/aoUuBCzRIpi4CeaGgD3ggIl9Ws5hUgfxJCWB
-g7nhzMUlBC2C+VgIUHWHqGPuaQ7VzXOEC7xF0mihMZ4bwvU6wxGK2uUoruXE/iti/+jtzxjq0PO7
-ZgJ7GUI2ZDqGMad5OnLur8jz+yKsVdetXlXsOyHmHi/47pRuA115pYiIaZKu1+vs6IBl4HnEUgw5
-JwIww6oyTDVvXc1kCw0QCtUZMcNSH2XGhh/zGM/M2Bt2lgEEW0xWTwQcT1J7wnngfbIYbzoupEkR
-AgMBAAGgMDAuBgkqhkiG9w0BCQ4xITAfMB0GA1UdDgQWBBRI+VUMRkfNYp/xngM9y720hvxmXTAN
-BgkqhkiG9w0BAQUFAAOCAQEAIk5xvkcSXoDDsqarHHbeBsYd1WIQbbNyDB4+9GlooI/0igSy6pIm
-wulHIvmXDuMZbYx+mNmVhapEyOWC0Yq4nnAbIkFDQOZ8ac3IdwiP8rf+FziaU49CPH7PvVRmI1dO
-X/cgJobj3EytaCh1+xvDxJuRvQ3UL+MoL3KJxS+JAhH0QYT7ZoXBLfz4UHjVJn/fG4tsrAzdtjsG
-1DHiyaarUxjFqfE8IsaqaT2r1MhFVI0EXDbskCtVDf8x4RbCbBfooerkca4JbdhNfzHXVeq3NjkQ
-NhYdRwwlAWr3bWEhc3F1rHYPnN5C0tonxnz71Emt3zfzO4XYaXePQTm+3JCSEw==
+MIIC1jCCAb4CAQAwYTELMAkGA1UEBhMCQ0ExCzAJBgNVBAgTAk9OMRAwDgYDVQQH
+EwdUb3JvbnRvMQ0wCwYDVQQKEwRhY21lMQwwCgYDVQQLEwNhcnQxFjAUBgNVBAMM
+DWFwcDJAYWNtZS5vcmcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCX
+MCZtW+a6JxuA2fN45Ta/0ilUqfmer+aGG2yTtwdRkduUssBogCYq1Pxk+l4nDgNW
+jscgGhtxeY9nw3u+NaxFJxuQrKLunnsdh+htzTUsq/iWKwcU6A4MX1aC++Ic6poT
+eunv6MHVdujehJOCph6zDEANjT2fgHHjxBMPO+fe0mEtsWwezp+xJJAOCAkMivoz
+iQ0OopIqFSF/FhFZDK4bJFruAJJc0CZNBM7Ox2sNAK1cX8mxZhzWfUGQs2hfobri
+9J/GUlnXmN9nk6v5FybDjH6u9jcd9bY2f03PC9whclIzar5TiWLfg7MZHctUv2MZ
+ZWy1c7hfzktCvjW5Y7R7AgMBAAGgMDAuBgkqhkiG9w0BCQ4xITAfMB0GA1UdDgQW
+BBTzMIzbe9uahZhnVxRWUyelP3jc9TANBgkqhkiG9w0BAQ0FAAOCAQEAKstPTwyn
+rn7dC+5SeP1ww6bMp77+KdQFu7aJ3Ul2xt6ICp0GkH5motvFx+dw5im8la4NH6Y7
+ZQS9eeoT6Zfi76Ve1wSVE2Gu0k9KgGXXW8ZodKml5vK89jf/3Fsy/058coOjsUDI
+iZqGajqiZshpmIpCJP3PPGA1Db30RY93U3iJAEwJCAXhGEd7EXV5iP3HA8wzuwws
+7osIz2oixsM/6Btf0+7FBt7AtqkknuDcw1Z/ZoUc5iIpMnGTtoajXnpNs7VgpngU
+bjMhgJSEOyjZrPn1VxtP23KVWm3+aAs/3gGW058ku3NYXg9H8FLysUNackZlnxqz
+dvTNaLl4FIUgiw==
 -----END NEW CERTIFICATE REQUEST-----
diff --git a/test-profiles/test_resources/ssl/generate-java-keystores.sh b/test-profiles/test_resources/ssl/generate-java-keystores.sh
index ba51b98..f6c8e82 100755
--- a/test-profiles/test_resources/ssl/generate-java-keystores.sh
+++ b/test-profiles/test_resources/ssl/generate-java-keystores.sh
@@ -21,53 +21,53 @@
 echo "Remove existing keystore for Apache Qpid Broker-J "
 rm java_broker_keystore.jks
 echo "Re-create keystore for Apache Qpid Broker-J  by importing RootCA certificate"
-keytool -import -v -keystore java_broker_keystore.jks -storepass password -alias RootCA -file CA_db/rootca.crt 
+keytool -importcert -v -keystore java_broker_keystore.jks -keysize 2048 -storepass password -alias RootCA -file CA_db/rootca.crt -storetype pkcs12 -noprompt
 echo "Generate certificate key 'java-broker'"
-keytool -genkey -alias java-broker -keyalg RSA -sigalg SHA1withRSA -validity 720 -keystore java_broker_keystore.jks -storepass password -dname "CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown"
+keytool -genkey -alias java-broker -keyalg RSA -keysize 2048 -sigalg SHA512withRSA -validity 720 -keystore java_broker_keystore.jks -storepass password -dname "CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown"  -storetype pkcs12
 echo "Export certificate signing request"
-keytool -certreq -alias java-broker -sigalg SHA1withRSA -keystore java_broker_keystore.jks -storepass password -v -file java-broker.req
+keytool -certreq -alias java-broker -sigalg SHA512withRSA -keystore java_broker_keystore.jks -storepass password -v -file java_broker.req  -storetype pkcs12
 echo "Sign certificate by entering:"
 echo "  n for 'Is this a CA certificate [y/N]?'"
 echo "  [Enter] for 'Enter the path length constraint, enter to skip [<0 for unlimited path]: >'"
 echo "  n for 'Is this a critical extension [y/N]?'"
 echo "  password which was specified on creation root CA database."
-certutil -C -d CA_db -c "MyRootCA" -a -i java-broker.req -o java-broker.crt -2 -6 --extKeyUsage serverAuth -v 60 -Z SHA1
+certutil -C -d CA_db -c "MyRootCA" -a -i java_broker.req -o java_broker.crt -2 -6 --extKeyUsage serverAuth -v 60 -g 4096
 echo "Import signed certificate"
-keytool -import -v -alias java-broker -keystore java_broker_keystore.jks -storepass password -file java-broker.crt
+keytool -importcert -v -alias java-broker -keystore java_broker_keystore.jks -storepass password -file java_broker.crt  -storetype pkcs12 -noprompt
 echo "List keystore entries"
-keytool --list --keystore java_broker_keystore.jks -storepass password 
+keytool --list --keystore java_broker_keystore.jks -storepass password  -storetype pkcs12
 
 read -p "Press [Enter] key to continue..."
 echo "Remove existing client keystore"
 rm java_client_keystore.jks
 echo "Re-create client keystore by importing RootCA certificate"
-keytool -import -v -keystore java_client_keystore.jks -storepass password -alias RootCA -file CA_db/rootca.crt
+keytool -importcert -v -keystore java_client_keystore.jks -storepass password -alias RootCA -file CA_db/rootca.crt  -storetype pkcs12 -noprompt
 
 echo "Generate key for certificate 'app2'"
-keytool -genkey -alias app2 -keyalg RSA -sigalg SHA1withRSA -validity 720 -keystore java_client_keystore.jks -storepass password  -dname "CN=app2@acme.org, OU=art, O=acme, L=Toronto, ST=ON, C=CA"
+keytool -genkey -alias app2 -keyalg RSA -keysize 2048 -sigalg SHA512withRSA -validity 720 -keystore java_client_keystore.jks -storepass password  -dname "CN=app2@acme.org, OU=art, O=acme, L=Toronto, ST=ON, C=CA"  -storetype pkcs12
 echo "Export certificate signing request for 'app2'"
-keytool -certreq -alias app2 -sigalg SHA1withRSA -keystore java_client_keystore.jks -storepass password -v -file app2.req
+keytool -certreq -alias app2 -sigalg SHA512withRSA -keystore java_client_keystore.jks -storepass password -v -file app2.req  -storetype pkcs12
 echo "Sign certificate 'app2' by entering:"
 echo "  n for 'Is this a CA certificate [y/N]?'"
 echo "  '-1' for 'Enter the path length constraint, enter to skip [<0 for unlimited path]: >'"
 echo "  n for 'Is this a critical extension [y/N]?'"
 echo "  password which was specified on creation root CA database."
-certutil -C -d CA_db -c "MyRootCA" -a -i app2.req -o app2.crt -2 -6  --extKeyUsage clientAuth -v 60 -Z SHA1
+certutil -C -d CA_db -c "MyRootCA" -a -i app2.req -o app2.crt -2 -6  --extKeyUsage clientAuth -v 60 -Z SHA512
 echo "Import signed certificate 'app2'"
-keytool -import -v -alias app2 -keystore java_client_keystore.jks -storepass password -file app2.crt
+keytool -importcert -v -alias app2 -keystore java_client_keystore.jks -storepass password -file app2.crt  -storetype pkcs12 -noprompt
 
 echo "Generate key for certificate 'app1'"
-keytool -genkey -alias app1 -keyalg RSA -sigalg SHA1withRSA -validity 720 -keystore java_client_keystore.jks -storepass password  -dname "CN=app1@acme.org, OU=art, O=acme, L=Toronto, ST=ON, C=CA"
+keytool -genkey -alias app1 -keyalg RSA -keysize 2048 -sigalg SHA512withRSA -validity 720 -keystore java_client_keystore.jks -storepass password  -dname "CN=app1@acme.org, OU=art, O=acme, L=Toronto, ST=ON, C=CA"  -storetype pkcs12
 echo "Export certificate signing request for 'app1'"
-keytool -certreq -alias app1 -sigalg SHA1withRSA -keystore java_client_keystore.jks -storepass password -v -file app1.req
+keytool -certreq -alias app1 -sigalg SHA512withRSA -keystore java_client_keystore.jks -storepass password -v -file app1.req
 echo "Sign certificate 'app1' by entering:"
 echo "  n for 'Is this a CA certificate [y/N]?'"
 echo "  '-1' for 'Enter the path length constraint, enter to skip [<0 for unlimited path]: >'"
 echo "  n for 'Is this a critical extension [y/N]?'"
 echo "  password which was specified on creation of root CA database."
-certutil -C -d CA_db -c "MyRootCA" -a -i app1.req -o app1.crt -2 -6  --extKeyUsage clientAuth -v 60 -Z SHA1
+certutil -C -d CA_db -c "MyRootCA" -a -i app1.req -o app1.crt -2 -6  --extKeyUsage clientAuth -v 60 -Z SHA512
 echo "Import signed certificate 'app1'"
-keytool -import -v -alias app1 -keystore java_client_keystore.jks -storepass password -file app1.crt
+keytool -importcert -v -alias app1 -keystore java_client_keystore.jks -storepass password -file app1.crt  -storetype pkcs12 -noprompt
 echo "List entries in client keystore"
 keytool --list --keystore java_client_keystore.jks  -storepass password
 
@@ -75,23 +75,55 @@ read -p "Press [Enter] key to continue..."
 echo "Remove existing client truststore"
 rm java_client_truststore.jks 
 echo "Re-create client truststore by importing RootCA certificate"
-keytool -import -v -keystore java_client_truststore.jks -storepass password -alias RootCA -file CA_db/rootca.crt
+keytool -importcert -v -keystore java_client_truststore.jks -storepass password -alias RootCA -file CA_db/rootca.crt  -storetype pkcs12 -noprompt
 echo "List entries in client trusttore"
-keytool --list --keystore java_client_truststore.jks  -storepass password
+keytool --list --keystore java_client_truststore.jks  -storepass password  -storetype pkcs12
 
 read -p "Press [Enter] key to continue..."
 echo "Remove existing broker truststore"
 rm java_broker_truststore.jks
 echo "Re-create broker truststore by importing RootCA certificate"
-keytool -import -v -keystore java_broker_truststore.jks -storepass password -alias RootCA -file CA_db/rootca.crt
+keytool -importcert -v -keystore java_broker_truststore.jks -storepass password -alias RootCA -file CA_db/rootca.crt  -storetype pkcs12 -noprompt
 echo "List entries in broker truststore"
-keytool --list --keystore java_broker_truststore.jks  -storepass password
+keytool --list --keystore java_broker_truststore.jks  -storepass password  -storetype pkcs12
 
 read -p "Press [Enter] key to continue..."
 echo "Remove existing broker peerstore"
 rm java_broker_peerstore.jks 
 echo "Re-create broker peerstore by importing app1 certificate"
-keytool -import -v -keystore java_broker_peerstore.jks -storepass password -alias app1 -file app1.crt
+keytool -importcert -v -keystore java_broker_peerstore.jks -storepass password -alias app1 -file app1.crt  -storetype pkcs12 -noprompt
 echo "List entries in broker peerstore"
-keytool --list --keystore java_broker_peerstore.jks  -storepass password
+keytool --list --keystore java_broker_peerstore.jks  -storepass password  -storetype pkcs12
+
+cp java_broker_keystore.jks ../../../broker-core/src/test/resources/ssl/test_keystore.jks
+keytool -importcert -v -alias app1 -keystore ../../../broker-core/src/test/resources/ssl/test_keystore.jks -storepass password -file app1.crt  -storetype pkcs12 -noprompt
+keytool -importcert -v -alias app2 -keystore ../../../broker-core/src/test/resources/ssl/test_keystore.jks -storepass password -file app2.crt  -storetype pkcs12 -noprompt
+
+cp java_broker_keystore.jks ../../../broker-core/src/test/resources/ssl/test_pk_only_keystore.pkcs12
+keytool -delete -v -alias rootca  -keystore ../../../broker-core/src/test/resources/ssl/test_pk_only_keystore.pkcs12 -storepass password
+
+cp java_broker_keystore.jks ../../../broker-core/src/test/resources/ssl/test_cert_only_keystore.pkcs12
+keytool -delete -v -alias java-broker  -keystore ../../../broker-core/src/test/resources/ssl/test_cert_only_keystore.pkcs12 -storepass password
+
+cp java_broker_keystore.jks ../../../broker-core/src/test/resources/ssl/test_symmetric_key_keystore.pkcs12
+keytool -genseckey -alias testalias -keyalg AES -keysize 256 -storetype pkcs12 -keystore ../../../broker-core/src/test/resources/ssl/test_symmetric_key_keystore.pkcs12 -storepass password
+
+cp java_broker.req ../../../broker-core/src/test/resources/ssl/java_broker.req
+cp java_broker.crt ../../../broker-core/src/test/resources/ssl/java_broker.crt
+
+cp expired.crt ../../../broker-core/src/test/resources/ssl/expired.crt
+cp java_client_expired_keystore.jks ../../../broker-core/src/test/resources/ssl/java_client_expired_keystore.pkcs12
+cp java_broker_expired_truststore.jks ../../../broker-core/src/test/resources/ssl/java_broker_expired_truststore.pkcs12
+
+cp java_broker_peerstore.jks ../../../broker-core/src/test/resources/ssl/java_broker_peerstore.pkcs12
+cp java_broker_truststore.jks  ../../../broker-core/src/test/resources/ssl/java_broker_truststore.pkcs12
+cp java_broker_keystore.jks  ../../../broker-core/src/test/resources/ssl/java_broker_keystore.pkcs12
+cp java_broker_keystore.jks  ../../../systests/qpid-systests-http-management/src/main/resources/java_broker_keystore.jks
+cp java_client_keystore.jks  ../../../broker-core/src/test/resources/ssl/java_client_keystore.pkcs12
+cp java_client_truststore.jks  ../../../broker-core/src/test/resources/ssl/java_client_truststore.pkcs12
+
+rm java_client_untrusted_keystore.jks
+keytool -genkey -keystore java_client_untrusted_keystore.jks -keyalg RSA -keysize 2048 -sigalg SHA512withRSA -alias untrusted_client -storepass password  -storetype pkcs12 -dname "CN=untrusted_client"
+cp java_client_untrusted_keystore.jks  ../../../broker-core/src/test/resources/ssl/java_client_untrusted_keystore.pkcs12
+
 
diff --git a/test-profiles/test_resources/ssl/generate-root-ca.sh b/test-profiles/test_resources/ssl/generate-root-ca.sh
index ca14727..14d760c 100755
--- a/test-profiles/test_resources/ssl/generate-root-ca.sh
+++ b/test-profiles/test_resources/ssl/generate-root-ca.sh
@@ -19,7 +19,7 @@
 #
 
 echo "Create a new certificate database for root CA"
-rm CA_db/*
+rm -fr CA_db; mkdir CA_db
 certutil -N -d CA_db
                  
 echo "Create the self-signed Root CA certificate by entering:"
@@ -27,23 +27,23 @@ echo "  password which was specified on creation of root CA database."
 echo "  y for 'Is this a CA certificate [y/N]?'"
 echo "  [Enter] for 'Enter the path length constraint, enter to skip [<0 for unlimited path]: >'"
 echo "  n for 'Is this a critical extension [y/N]?'"
-certutil -S -d CA_db -n "MyRootCA" -s "CN=MyRootCA,O=ACME,ST=Ontario,C=CA" -t "CT,," -x -2 -Z SHA1 -v 60
+certutil -S -d CA_db -n "MyRootCA" -s "CN=MyRootCA,O=ACME,ST=Ontario,C=CA" -t "CT,," -x -2 -Z SHA512 -v 60 -g 2048
 echo "Extract the CA certificate from the CA’s certificate database to a file."
 certutil -L -d CA_db -n "MyRootCA" -a -o CA_db/rootca.crt
               
 
 echo "Create a certificate database for the Qpid Broker."
-rm server_db/*
+rm -fr server_db; mkdir server_db
 certutil -N -d server_db
 echo "Import the CA certificate into the broker’s certificate database"
 certutil -A -d server_db -n "MyRootCA" -t "TC,," -a -i CA_db/rootca.crt
 echo "Create the server certificate request"
-certutil -R -d server_db -s "CN=localhost.localdomain,O=ACME,ST=Ontario,C=CA" -a -o server_db/server.req -Z SHA1
+certutil -R -d server_db -s "CN=localhost.localdomain,O=ACME,ST=Ontario,C=CA" -a -o server_db/server.req -Z SHA512
 echo "Sign and issue a new server certificate by entering:"
 echo "  n for 'Is this a CA certificate [y/N]?'"
 echo "  '-1' for 'Enter the path length constraint, enter to skip [<0 for unlimited path]: >'"
 echo "  n for 'Is this a critical extension [y/N]?'"
 echo "  password which was specified on creation of root CA database."
-certutil -C -d CA_db -c "MyRootCA" -a -i server_db/server.req -o server_db/server.crt -2 -6  --extKeyUsage serverAuth -v 60 -Z SHA1
+certutil -C -d CA_db -c "MyRootCA" -a -i server_db/server.req -o server_db/server.crt -2 -6  --extKeyUsage serverAuth -v 60 -Z SHA512 -g 2048
 echo "Import signed certificate to the broker’s certificate database"
 certutil -A -d server_db -n localhost.localdomain -a -i server_db/server.crt -t ",,"
diff --git a/test-profiles/test_resources/ssl/java_broker.crt b/test-profiles/test_resources/ssl/java_broker.crt
index 9b88c04..4e5c086 100644
--- a/test-profiles/test_resources/ssl/java_broker.crt
+++ b/test-profiles/test_resources/ssl/java_broker.crt
@@ -1,15 +1,21 @@
 -----BEGIN CERTIFICATE-----
-MIICVzCCAcCgAwIBAgIFAJcmLgUwDQYJKoZIhvcNAQEFBQAwQTELMAkGA1UEBhMC
+MIIDbzCCAlegAwIBAgIFALBcS4MwDQYJKoZIhvcNAQELBQAwQTELMAkGA1UEBhMC
 Q0ExEDAOBgNVBAgTB09udGFyaW8xDTALBgNVBAoTBEFDTUUxETAPBgNVBAMTCE15
-Um9vdENBMB4XDTEyMDIxNzIzMzgxM1oXDTE1MDMxNzIzMzgxM1owejEQMA4GA1UE
+Um9vdENBMB4XDTE5MDIyNzE2MDY0M1oXDTI0MDIyNzE2MDY0M1owbjEQMA4GA1UE
 BhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UEBxMHVW5rbm93bjEQ
-MA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjEeMBwGA1UEAxMVbG9j
-YWxob3N0LmxvY2FsZG9tYWluMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1
-OsmvebKV0zJ4/eBCyenRwwJ4Xg/NLP4unofpKb3xvlaGJY+xQnaSukXAzWnH04O4
-eLoUYBhJfVjRu7XU9XMhrLtJYjLgWkcdvnEfQPXYnM6BUnqtfFx5E5c5mWAhpb9r
-Rt2KX53t3OVxirdKS++2u3apUObJLjOwc+bf/mVbIQIDAQABoyIwIDAJBgNVHRME
-AjAAMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBBQUAA4GBACIRf1BV
-zsniD2qZ9eQsWPCnZ0vIuyKNBbxzXkpbEPBirQZIoY4GCgbIc38OV8SRRHInto6j
-i4G8klxth6gPHs+MbjqVzwZ0mND57JSxTpPZ+au+ZjbJO+efNfNw9hBs44fZ1Int
-DPNiQekOLGHimSDBQr8FHkMLSwTcxGsfcpU/
+MA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjESMBAGA1UEAxMJbG9j
+YWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAq1zWGLqSHqno
+In5HjqSLSNQb5TV7qTeoKeVGJdfP13oXMllzy4JTCiXBen3l3YhpSxqGYccyEYee
+UlMSWH1snv9kW5sh+fF8HjJrabQco+vkUqUirvotaBQP71X1V+05AFxFhWfgdINw
+Kzu6az5i2S6DWJ0Xkseuolo3cM/J+M245NJj3as0dX2bOu0qbqk4izDqqV1uiyUP
+Udn0jICC52ZLd2v9lBbUQD/ZvwMYWIiBw9pfPxvIw2OsqsKeh+I7RUoGBxDUdDvj
+lbNeJV7AmeoszI/3bHkncdCiObFMXdXmUVwcRJYDAq5eBhgK59WcwKPIqlOLismQ
+wjN4ZxxvqQIDAQABo0EwPzAdBgNVHQ4EFgQU8NpCddyhoagntgXuH6eMGKnNxJsw
+CQYDVR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQsFAAOC
+AQEAjFSD0UPN7ZqMKA0Sk2oailI+AU11VEmwIw18sXSEFMWSH8uAgkyTOvNQv4Nu
+WHgNOx20r18bYVrTqTznRa9oM7xemtR2pKqJYUQKqvk9vcF8mY7ibK1AH1vlm/gh
+7EfEmobfwHutXyTbUppgqf4QLn9AYLokD/w0la1mxDQ5Qc5FefgxLGaN2DZALFOc
+8lcpA9E2hTau2znxMlqqrG73E6R2XoE7BVMHVemVAAvusBuuP9OW/iC/KTPDFNoy
+NnDViQfIh03aBH2N5XCcnsdsxDULh6pjdZWf9FB+8OBDKyajNdFZku7AFLkt+QIa
+FVo105jdjqfMxt8FRNuQ05vYEQ==
 -----END CERTIFICATE-----
diff --git a/test-profiles/test_resources/ssl/java_broker.req b/test-profiles/test_resources/ssl/java_broker.req
index 5aa50d9..c618dd3 100644
--- a/test-profiles/test_resources/ssl/java_broker.req
+++ b/test-profiles/test_resources/ssl/java_broker.req
@@ -1,10 +1,18 @@
 -----BEGIN NEW CERTIFICATE REQUEST-----
-MIIBujCCASMCAQAwejEQMA4GA1UEBhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93bjEQMA4GA1UE
-BxMHVW5rbm93bjEQMA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMHVW5rbm93bjEeMBwGA1UEAxMV
-bG9jYWxob3N0LmxvY2FsZG9tYWluMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC1OsmvebKV
-0zJ4/eBCyenRwwJ4Xg/NLP4unofpKb3xvlaGJY+xQnaSukXAzWnH04O4eLoUYBhJfVjRu7XU9XMh
-rLtJYjLgWkcdvnEfQPXYnM6BUnqtfFx5E5c5mWAhpb9rRt2KX53t3OVxirdKS++2u3apUObJLjOw
-c+bf/mVbIQIDAQABoAAwDQYJKoZIhvcNAQEFBQADgYEAtFBfnlL3ZZEnFJRAzkbIMqRLHcWdIyfq
-MocOammt7Cw//4cJPIdGoJp4ZhSfZX7k5p6FExgudYwuPF7s4ex+bTI49zW44mVdyrvAiY88bUA1
-9vcpRDANN9R0z13v6OIJGW8hpua3oKz+XON6TeksjzbPkNUNt5Ya5tJAylkha0A=
+MIIC4zCCAcsCAQAwbjEQMA4GA1UEBhMHVW5rbm93bjEQMA4GA1UECBMHVW5rbm93
+bjEQMA4GA1UEBxMHVW5rbm93bjEQMA4GA1UEChMHVW5rbm93bjEQMA4GA1UECxMH
+VW5rbm93bjESMBAGA1UEAxMJbG9jYWxob3N0MIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAq1zWGLqSHqnoIn5HjqSLSNQb5TV7qTeoKeVGJdfP13oXMllz
+y4JTCiXBen3l3YhpSxqGYccyEYeeUlMSWH1snv9kW5sh+fF8HjJrabQco+vkUqUi
+rvotaBQP71X1V+05AFxFhWfgdINwKzu6az5i2S6DWJ0Xkseuolo3cM/J+M245NJj
+3as0dX2bOu0qbqk4izDqqV1uiyUPUdn0jICC52ZLd2v9lBbUQD/ZvwMYWIiBw9pf
+PxvIw2OsqsKeh+I7RUoGBxDUdDvjlbNeJV7AmeoszI/3bHkncdCiObFMXdXmUVwc
+RJYDAq5eBhgK59WcwKPIqlOLismQwjN4ZxxvqQIDAQABoDAwLgYJKoZIhvcNAQkO
+MSEwHzAdBgNVHQ4EFgQU8NpCddyhoagntgXuH6eMGKnNxJswDQYJKoZIhvcNAQEN
+BQADggEBAHsfAScjTeIM+Mkmq7z29wl0+NdWyoDKt0PjG0/WffExGXG1FD6JrbP7
+UEeBY60WdypO9/Nx7I/sw/UOsOH297NuCMkFDitAk5/5XDVSYpywBi85XK72ODmv
+hWYn2MGP9YnfL3qOd75kpNgVBKt9+IVFFNgdUMfzDQpTQgmzdaRepM4HUuxJnNGN
+jcjA6b7rT0XQu7EJqM/Q1beJTVmwtv/3ZsBduJfksr2+fyC7wd344Equ8kfhZtd9
+YocJYdlZ//0RjWMv10hXNMD2Y+Nk4ldoFOXwv93JMcBn4Uy0TeZ9O/eI/jETT5TL
+FZUUWdHvGqN2/9L4EZ0rAyH87HpHV7I=
 -----END NEW CERTIFICATE REQUEST-----
diff --git a/test-profiles/test_resources/ssl/java_broker_expired_truststore.jks b/test-profiles/test_resources/ssl/java_broker_expired_truststore.jks
index bbbd248..9bfe301 100644
Binary files a/test-profiles/test_resources/ssl/java_broker_expired_truststore.jks and b/test-profiles/test_resources/ssl/java_broker_expired_truststore.jks differ
diff --git a/test-profiles/test_resources/ssl/java_broker_keystore.jks b/test-profiles/test_resources/ssl/java_broker_keystore.jks
index 50bb8d0..b45991f 100644
Binary files a/test-profiles/test_resources/ssl/java_broker_keystore.jks and b/test-profiles/test_resources/ssl/java_broker_keystore.jks differ
diff --git a/test-profiles/test_resources/ssl/java_broker_peerstore.jks b/test-profiles/test_resources/ssl/java_broker_peerstore.jks
index 69cdd40..a5b307f 100644
Binary files a/test-profiles/test_resources/ssl/java_broker_peerstore.jks and b/test-profiles/test_resources/ssl/java_broker_peerstore.jks differ
diff --git a/test-profiles/test_resources/ssl/java_broker_truststore.jks b/test-profiles/test_resources/ssl/java_broker_truststore.jks
index e6d556a..4184adf 100644
Binary files a/test-profiles/test_resources/ssl/java_broker_truststore.jks and b/test-profiles/test_resources/ssl/java_broker_truststore.jks differ
diff --git a/test-profiles/test_resources/ssl/java_client_expired_keystore.jks b/test-profiles/test_resources/ssl/java_client_expired_keystore.jks
index eb86509..cb9b876 100644
Binary files a/test-profiles/test_resources/ssl/java_client_expired_keystore.jks and b/test-profiles/test_resources/ssl/java_client_expired_keystore.jks differ
diff --git a/test-profiles/test_resources/ssl/java_client_keystore.jks b/test-profiles/test_resources/ssl/java_client_keystore.jks
index 941fc7e..9422d9a 100644
Binary files a/test-profiles/test_resources/ssl/java_client_keystore.jks and b/test-profiles/test_resources/ssl/java_client_keystore.jks differ
diff --git a/test-profiles/test_resources/ssl/java_client_truststore.jks b/test-profiles/test_resources/ssl/java_client_truststore.jks
index ab79b54..1b45a23 100644
Binary files a/test-profiles/test_resources/ssl/java_client_truststore.jks and b/test-profiles/test_resources/ssl/java_client_truststore.jks differ
diff --git a/test-profiles/test_resources/ssl/java_client_untrusted_keystore.jks b/test-profiles/test_resources/ssl/java_client_untrusted_keystore.jks
index 45a0c10..8b0b023 100644
Binary files a/test-profiles/test_resources/ssl/java_client_untrusted_keystore.jks and b/test-profiles/test_resources/ssl/java_client_untrusted_keystore.jks differ
diff --git a/test-profiles/test_resources/ssl/server_db/cert8.db b/test-profiles/test_resources/ssl/server_db/cert8.db
deleted file mode 100644
index f482e78..0000000
Binary files a/test-profiles/test_resources/ssl/server_db/cert8.db and /dev/null differ
diff --git a/test-profiles/test_resources/ssl/server_db/cert9.db b/test-profiles/test_resources/ssl/server_db/cert9.db
new file mode 100644
index 0000000..9a5f864
Binary files /dev/null and b/test-profiles/test_resources/ssl/server_db/cert9.db differ
diff --git a/test-profiles/test_resources/ssl/server_db/key3.db b/test-profiles/test_resources/ssl/server_db/key3.db
deleted file mode 100644
index f1edbaf..0000000
Binary files a/test-profiles/test_resources/ssl/server_db/key3.db and /dev/null differ
diff --git a/test-profiles/test_resources/ssl/server_db/key4.db b/test-profiles/test_resources/ssl/server_db/key4.db
new file mode 100644
index 0000000..f08d318
Binary files /dev/null and b/test-profiles/test_resources/ssl/server_db/key4.db differ
diff --git a/test-profiles/test_resources/ssl/server_db/pkcs11.txt b/test-profiles/test_resources/ssl/server_db/pkcs11.txt
new file mode 100644
index 0000000..440f523
--- /dev/null
+++ b/test-profiles/test_resources/ssl/server_db/pkcs11.txt
@@ -0,0 +1,5 @@
+library=
+name=NSS Internal PKCS #11 Module
+parameters=configdir='server_db' certPrefix='' keyPrefix='' secmod='secmod.db' flags= updatedir='' updateCertPrefix='' updateKeyPrefix='' updateid='' updateTokenDescription='' 
+NSS=Flags=internal,critical trustOrder=75 cipherOrder=100 slotParams=(1={slotFlags=[ECC,RSA,DSA,DH,RC2,RC4,DES,RANDOM,SHA1,MD5,MD2,SSL,TLS,AES,Camellia,SEED,SHA256,SHA512] askpw=any timeout=30})
+
diff --git a/test-profiles/test_resources/ssl/server_db/secmod.db b/test-profiles/test_resources/ssl/server_db/secmod.db
deleted file mode 100644
index 87867f4..0000000
Binary files a/test-profiles/test_resources/ssl/server_db/secmod.db and /dev/null differ
diff --git a/test-profiles/test_resources/ssl/server_db/server.crt b/test-profiles/test_resources/ssl/server_db/server.crt
index 1a87265..fb51ff1 100644
--- a/test-profiles/test_resources/ssl/server_db/server.crt
+++ b/test-profiles/test_resources/ssl/server_db/server.crt
@@ -1,14 +1,20 @@
 -----BEGIN CERTIFICATE-----
-MIICKzCCAZSgAwIBAgIFAKI1eqswDQYJKoZIhvcNAQEFBQAwQTELMAkGA1UEBhMC
+MIIDMDCCAhigAwIBAgIFALBcSo0wDQYJKoZIhvcNAQENBQAwQTELMAkGA1UEBhMC
 Q0ExEDAOBgNVBAgTB09udGFyaW8xDTALBgNVBAoTBEFDTUUxETAPBgNVBAMTCE15
-Um9vdENBMB4XDTE1MDMxOTIyMzYzOVoXDTIwMDMxOTIyMzYzOVowTjELMAkGA1UE
+Um9vdENBMB4XDTE5MDIyNzE2MDQzNFoXDTI0MDIyNzE2MDQzNFowTjELMAkGA1UE
 BhMCQ0ExEDAOBgNVBAgTB09udGFyaW8xDTALBgNVBAoTBEFDTUUxHjAcBgNVBAMT
-FWxvY2FsaG9zdC5sb2NhbGRvbWFpbjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
-gYEAu4kNLGCxZ3cvQRqd0L6iM1zx4boj7eGlLpgysPn0sd77N8CfBMqnmWOoYafI
-H4+FPMQ3En3D0nV5qFjveNTJQtzRZZUCbF6UESeO6ghu8Rr5AnI51PIrSQPVEG1w
-0AN1TYrn5AxW3G06aVMsggk7TItFb7qkXTO1LuGUcZy1z+MCAwEAAaMiMCAwCQYD
-VR0TBAIwADATBgNVHSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQUFAAOBgQAc
-w82l72VLrPNtVBp+90rNHLM6ARnghYWLceC07cwgjNItejDlLOHzExThYH5vOwFs
-b6c2KyUt198uccl5wx44HvzR5LCVnJ0JQqw4n0tS9jeztD42urYWP2ouPgqgxAvo
-zNARo6aODfF9I7sxtPhSvhECyKvkZQH4F4xVXwwvSA==
+FWxvY2FsaG9zdC5sb2NhbGRvbWFpbjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBAMZvr9ZVPPPPgXlL/3tN57SmQRD8KKbK6F2DxPKPpV3FuhPxKRLVbDTp
+VgJ6geTSQXWlcCzZ7pr+J1Z7jU8tFb963i+kpFD21Z4xcaLTaHQvyiXMXgYJ/AU+
+0AQDrQN16Bkx/nbvXCtnfahp6Li3KUffEYjjLleuP5WwUSZJQ3oR74YQOKFZiDMU
+p5iUBiFWJ6Svey5usHOzycAeQVJYF8cdbTo3BL1mNFV8Q0aFD/qOsZoKNHZR8vb1
+ioBs1P9TdNO/fai/YZVkqq3I/wY9JoN7OmSPTtThuwZniSvOqsy2zkkEqG26HOnl
+BlRWshzyPaket8j4CrxZeVB4xmIbHvcCAwEAAaMiMCAwCQYDVR0TBAIwADATBgNV
+HSUEDDAKBggrBgEFBQcDATANBgkqhkiG9w0BAQ0FAAOCAQEASvcXQIq2cyhujhoh
+DKZhenA1MqGTpWsrAo41obxVpzch/z7qrQsGUG/7qXm7XIQ8wPXKUJhQd5+ga5U0
+YV/QNu8Kz+5rxgCxv/hqHaajNfeOs8C3Oxk1IIg+9OC2bIRmR9SF84XBM2YrJuTe
+BlGszTNnOXQGoR0gOMl2EH+4kh00vVnRwrsSGHEWNqNprPFgauZ14bvCeeFJhsYd
+IjmrQgbGvt4463Kaw4gUstSrwQGOTGjqhEcUR6MER83HzDu0qoAHtQLNXh1NJ3M0
+BQg6Aaral1kfgWKbB88SgAAPMHBzIqG1ubYmRykEf+G6OOgBACp1CSiCskbJ59Wc
+2tbblQ==
 -----END CERTIFICATE-----
diff --git a/test-profiles/test_resources/ssl/server_db/server.req b/test-profiles/test_resources/ssl/server_db/server.req
index 9eaa228..f2042ce 100644
--- a/test-profiles/test_resources/ssl/server_db/server.req
+++ b/test-profiles/test_resources/ssl/server_db/server.req
@@ -9,13 +9,18 @@ State: Ontario
 Country: CA
 
 -----BEGIN NEW CERTIFICATE REQUEST-----
-MIIBjTCB9wIBADBOMQswCQYDVQQGEwJDQTEQMA4GA1UECBMHT250YXJpbzENMAsG
-A1UEChMEQUNNRTEeMBwGA1UEAxMVbG9jYWxob3N0LmxvY2FsZG9tYWluMIGfMA0G
-CSqGSIb3DQEBAQUAA4GNADCBiQKBgQC7iQ0sYLFndy9BGp3QvqIzXPHhuiPt4aUu
-mDKw+fSx3vs3wJ8EyqeZY6hhp8gfj4U8xDcSfcPSdXmoWO941MlC3NFllQJsXpQR
-J47qCG7xGvkCcjnU8itJA9UQbXDQA3VNiufkDFbcbTppUyyCCTtMi0VvuqRdM7Uu
-4ZRxnLXP4wIDAQABoAAwDQYJKoZIhvcNAQEFBQADgYEAtuJ9b0OgbijExb/AQlbS
-kw4s28SwMqyMdgt+kUJHaDV+sEtlzzdv7jS0uKtoElBI7+MiYbtGzcqvdPGc147Q
-T6Lk7AMcBrjRFLxuBnAi+Bdh7O6PUUKL9CREAae1QiVOFfXkD07Az9YDLYhe+ZsJ
-qLYrWDGTMRXXsKU3JWIy5M4=
+MIICkzCCAXsCAQAwTjELMAkGA1UEBhMCQ0ExEDAOBgNVBAgTB09udGFyaW8xDTAL
+BgNVBAoTBEFDTUUxHjAcBgNVBAMTFWxvY2FsaG9zdC5sb2NhbGRvbWFpbjCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMZvr9ZVPPPPgXlL/3tN57SmQRD8
+KKbK6F2DxPKPpV3FuhPxKRLVbDTpVgJ6geTSQXWlcCzZ7pr+J1Z7jU8tFb963i+k
+pFD21Z4xcaLTaHQvyiXMXgYJ/AU+0AQDrQN16Bkx/nbvXCtnfahp6Li3KUffEYjj
+LleuP5WwUSZJQ3oR74YQOKFZiDMUp5iUBiFWJ6Svey5usHOzycAeQVJYF8cdbTo3
+BL1mNFV8Q0aFD/qOsZoKNHZR8vb1ioBs1P9TdNO/fai/YZVkqq3I/wY9JoN7OmSP
+TtThuwZniSvOqsy2zkkEqG26HOnlBlRWshzyPaket8j4CrxZeVB4xmIbHvcCAwEA
+AaAAMA0GCSqGSIb3DQEBDQUAA4IBAQB65l4W5FqmHN0KIPS81qwdpncPw0XLM5Wf
+dVY8Q0GZ9AWm5pTBl472AdoL/2FtQEsLnIfDDR9WFDfREqP2grO+98vbMPofNLPH
+es9dOEXRAGMziqFUhFofyWIXZUBQI9nWn9kuNZRtK2JfftG+eMtT8KlibFgVdaHc
+C8/HwlnmoQVtXQeqnEMYK8hN1+4hp9OzwkiwSMBpTNtB9jejnYQe4U2DnWpWD1ko
+w0kAQpb36zSOkZZ0ZMaT7aTLpDmsOvj6bAj6nUxjcGFvSqVIaxyQb2y0JflM+IN7
+K0PL2I1Wi2AGA3WlBs/nY+Ol2NfcD/nsdZdtVNn6WV9DsfnyfS6L
 -----END NEW CERTIFICATE REQUEST-----


---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@qpid.apache.org
For additional commands, e-mail: commits-help@qpid.apache.org


Mime
View raw message