qpid-users mailing list archives

From Gordon Sim <g...@redhat.com>
Subject Re: SSL between c++ brokers?
Date Tue, 11 Sep 2012 08:17:26 GMT
On 09/10/2012 08:22 PM, ParkiratBagga wrote:
> I have 2 c++ brokers in 2 machines.
>
> I have setup CA and made the certificates for both the c++ brokers. Also, I
> have added the parameters like transport, ssl-cert-db, ssl-port, and
> ssl-password-file to the config file.
>
> While setting up the queue route between 2 servers:
>
> 1. If, I give the destination:<ssl port> source:<ssl port>, I am not able to
> set the route due to timeout.
> 2. Therefore, I am routing messages using queue route with
> "destination:<qpid port> source:<qpid port> and transport option as *ssl*".
>
> Is this correct?

In 2., is the port the ssl port? If so that is right. You need to 
specify the ssl port _and_ specify ssl as the transport.

> Also, when messages get routed, I don't see SSL being used anywhere in
> between.

So messages are being routed correctly? But you are not seeing any SSL 
traffic (I assume through some network monitoring tool)?

Do you already have a non-ssl route in place? If so you may need to 
remove that to ensure that messages are routed over SSL.

> 1. Have I configured it correctly?
> 2. Did I miss something?
> 3. Can you help me with pointers, how to setup ssl between brokers?

First step I would recommend is to ensure a regular client can connect 
to the 'remote' broker using the 'local' broker's certificate database. 
That lets you test the configuration in a slightly simpler fashion.

The other suggestion is to look at the logs and see if there are any errors.

There is a test script that is run as part of make check, that sets up 
SSL based federation and it may be useful as an example (though it's not 
written as an example specifically):

http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/tests/sasl_fed_ex?view=markup

