qpid-users mailing list archives

From Joe Porto <Joe.Po...@agilex.com>
Subject Re: SSL connection problems from rabbitMQ client
Date Fri, 11 Nov 2011 22:13:26 GMT
I'm assuming you imported those files into your keystore…. When I do that, I'm getting the
following error:

 Certificate not imported, alias <RootCA> already exists

I've tried running:  keytool -delete -alias RootCA

But, I get an exception:  keystore file does not exist….. I've been messing around with
trying to tell it which keystore, but I don't know which keystore it's complaining about?

Keystore –list returns an error saying keystore file does not exist… (and the path to
follow doesn't exist…)

Joe

From: Robbie Gemmell <robbie.gemmell@gmail.com>
Date: Thu, 10 Nov 2011 18:10:53 -0500
To: Joe Porto <joe.porto@agilex.com>
Cc: "users@qpid.apache.org" <users@qpid.apache.org>
Subject: Re: SSL connection problems from rabbitMQ client

Are you just using the files created from that guide directly? If so
that could be the problem, since you need to import the certificate /
key into a truststore / keystore file before using them, e.g. using
the keytool command bundled with the JDK.

Robbie

On 10 November 2011 22:21, Joe Porto <Joe.Porto@agilex.com> wrote:
Ah I read your response too quickly!  I enabled the use SSL setting to true
in the config.xml…and I used the keystore and truststore  that I created
myself following this website:
 http://www.akadia.com/services/ssh_test_certificate.html
I'll give the sample ones a shot…

Joe

From: Robbie Gemmell <robbie.gemmell@gmail.com>
Date: Thu, 10 Nov 2011 16:48:32 -0500
To: Joe Porto <joe.porto@agilex.com>
Cc: "users@qpid.apache.org" <users@qpid.apache.org>
Subject: Re: SSL connection problems from rabbitMQ client

Erm, so was I ? :)

Robbie

On 10 November 2011 21:26, Joe Porto <Joe.Porto@agilex.com> wrote:

I was using a Qpid Broker…

Joe

From: Robbie Gemmell <robbie.gemmell@gmail.com>
Date: Thu, 10 Nov 2011 16:20:54 -0500
To: Joe Porto <joe.porto@agilex.com>
Cc: "users@qpid.apache.org" <users@qpid.apache.org>
Subject: Re: SSL connection problems from rabbitMQ client

Hi Joe,

I just tried out connecting the RabbitMQ client using SSL to the
latest trunk revision of the Java broker, and it seemed to work ok
(well, it did make me notice that when we changed IO layers for the
broker and some protocols for the client recently that we missed a
limitation of SSLSocket that means ConnectionClose currently generates
a nice stacktrace...but other than that, it works). Deliberately
making the client connect to the broker's 'plain' port failed as
expected, as did setting the client not to use SSL and connecting it
to the broker's SSL port. As well as the simpler 'no verification'
example you were using, I used an expanded example based on those at
http://www.rabbitmq.com/ssl.html (the Java broker doesn't currently
support validating client certificates so I removed those bits).

Could you share how you are configuring the broker, and creating your
certificates? I used the broker keystore and client truststore we use
in our tests, which are located at
qpid/java/test-profiles/test_resources/ssl/java_broker_keystore.jks
and qpid/java/test-profiles/test_resources/ssl/java_client_truststore.jks
in a checkout of our trunk
(http://svn.apache.org/repos/asf/qpid/trunk/)

Regards,
Robbie

On 9 November 2011 20:45, Joe Porto <Joe.Porto@agilex.com> wrote:

I don't know… only have been playing with the qpid broker….

From: Robbie Gemmell <robbie.gemmell@gmail.com>
Date: Wed, 9 Nov 2011 15:44:04 -0500
To: "users@qpid.apache.org" <users@qpid.apache.org>
Cc: Joe Porto <joe.porto@agilex.com>
Subject: Re: SSL connection problems from rabbitMQ client

Interesting. This isn't a combination that I have tried before, but I
don't know any obvious reason it wouldn't work. I will try to take a
look at it, but it isn't likely to be for a few days at best. The
default example broker config was changed to use port 5671 because
that is the assigned port for AMQP + SSL, I don't know where the number
previously [not] used in the config came from.

Out of interest, do you know if the client SSL example works ok when
using the RabbitMQ broker?

Robbie

On 8 November 2011 20:55, Joe Porto <Joe.Porto@agilex.com> wrote:

Hi Robbie,

Thanks for the quick feedback.  I installed the .15 version and enabled the
configuration to use SSL (interesting they changed the port to 5671).  It
still fails from the client side at the same point (when it's trying to send
the header) , but this time it doesn't throw an error in the server log.
Thoughts?

Joe

From: Robbie Gemmell <robbie.gemmell@gmail.com>
Reply-To: "users@qpid.apache.org" <users@qpid.apache.org>
Date: Tue, 8 Nov 2011 15:16:04 -0500
To: "users@qpid.apache.org" <users@qpid.apache.org>
Subject: Re: SSL connection problems from rabbitMQ client

Put simply, SSL support in the broker wasn't functional until after
0.12 was finalised. It was fixed as part of the development stream for
0.14, which branched from trunk a few days ago for release in around a
month.

You will need to use a non-release version if you want to make it work
in the meantime. You can get a nightly release build of the current
trunk broker at the following URL if you want to at least try it out:
https://builds.apache.org/view/M-R/view/Qpid/job/Qpid-Java-Release/lastSuccessfulBuild/artifact/trunk/qpid/java/broker/release/

Robbie

On 8 November 2011 19:42, Joe Porto <Joe.Porto@agilex.com> wrote:

I am running the .12 release of a java qpid broker.  I am trying to access
it via a rabbitmq java client.  When not using SSL, this works well and I am
able to send and receive a msg on the client. When I enable SSL and try to
connect to the SSL port on the broker, I get a SocketTimeOutException on the
client side.  Tracing through the rabbitMQ code – it looks like this occurs
when the client tries sending just the AMQP header.  On the qpid broker,
this error is thrown in the log:
ERROR [MINANetworkDriver(Acceptor)-15] (MINANetworkDriver.java:315) - Exception thrown and no ProtocolEngine to handle it
java.lang.NullPointerException
    at org.apache.qpid.transport.network.mina.MINANetworkDriver.messageReceived(MINANetworkDriver.java:337)
    at org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(AbstractIoFilterChain.java:703)
    at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
    at org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
    at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
    at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243)
    at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305)
    at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:665)
    at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:690)
    at java.lang.Thread.run(Thread.java:680)
---------------------------
My sample client code looks like this: (the client hangs on
factory.newConnection();, and eventually the socket times out)
ConnectionFactory factory = new ConnectionFactory();
factory.setHost("10.1.21.21");
factory.setPort(8672);
factory.setVirtualHost("10.1.21.21");
factory.useSslProtocol("TLS");
Connection conn = factory.newConnection();
Channel channel = conn.createChannel();
…
---------------------
Any help would be greatly appreciated!
-Joe
---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org
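
Added example, not code from this thread or from the Qpid or RabbitMQ projects: a RabbitMQ Java client that checks the broker's certificate chain against a JKS truststore, in place of the 'no verification' `useSslProtocol("TLS")` call in the original post. The class name and command-line arguments are assumptions; port 5671 is the AMQP + SSL port named in the thread.

```java
import com.rabbitmq.client.Connection;
import com.rabbitmq.client.ConnectionFactory;

import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;

// Hypothetical class name; run as:
//   java VerifiedTlsClient <host> <truststore.jks> <truststore-password>
public class VerifiedTlsClient {
    public static void main(String[] args) throws Exception {
        String host = args[0];
        String trustStorePath = args[1];
        char[] trustStorePassword = args[2].toCharArray();

        // Load the truststore that holds the CA (or broker) certificate.
        // A wrong path fails here, not later during the handshake.
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(trustStorePath)) {
            trustStore.load(in, trustStorePassword);
        }
        // An empty truststore would reject every broker certificate.
        if (!trustStore.aliases().hasMoreElements()) {
            throw new IllegalStateException("no entries in " + trustStorePath);
        }

        // Trust managers built from the truststore validate the broker's
        // chain. This does not check the certificate's hostname.
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(
                TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        // No key managers: the thread notes that the Java broker does not
        // validate client certificates, so the client presents none.
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);

        ConnectionFactory factory = new ConnectionFactory();
        factory.setHost(host);
        factory.setPort(5671);          // the broker's SSL port
        factory.useSslProtocol(ctx);    // verified TLS, not trust-all

        Connection conn = factory.newConnection();
        System.out.println("TLS connection established to " + host);
        conn.close();
    }
}
```

A handshake failure from this client means the broker's certificate does not chain to an entry in the truststore, which separates a trust problem from the timeout described in the original post.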






