qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jakub Scholz <ja...@scholz.cz>
Subject Re: Unable to Setup SSL between Java Client and C++ broker
Date Mon, 03 Sep 2012 16:35:29 GMT
Can you try to run the client with the SSL debug mode? (option
-Djavax.net.debug=ssl ...
http://docs.oracle.com/javase/1.5.0/docs/guide/security/jsse/ReadDebug.html)
I'm usually using this SSL debug mode with our customers when they
have SSL problems. It sometimes shows bit more details why the SSL
doesn't work ...

Do you see any NSS error on the Qpid broker?

Regards
Jakub

On Mon, Sep 3, 2012 at 6:20 PM, maverick_muguda
<naveenkumar.muguda@gmail.com> wrote:
> the connectionURL i am using is
> amqp://guest:guest@clientid/test?brokerlist='tcp://machine-name.us-west-1.compute.amazonaws.com:5674?ssl='true''
>
> I have ensured that the right machine is used.
>
> the trust store i am using has both the client certificate as well as the CA
> certificate
>
> "
> keytool -list -keystore trust-store.jks -storepass password
>
> Keystore type: JKS
> Keystore provider: SUN
>
> Your keystore contains 2 entries
>
> rootca, Sep 3, 2012, trustedCertEntry,
> Certificate fingerprint (MD5):
> 83:0E:47:F0:6F:00:63:BB:05:B6:8D:E2:F4:8B:E8:3D
> java-client, Sep 3, 2012, trustedCertEntry,
> Certificate fingerprint (MD5):
> C2:4E:DF:D8:60:39:58:B5:BB:64:C8:25:21:E4:42:80
>
> "
>
> I followed the instructions in 2.4 and did an additional step of importing
> the CA's certificate into the keystore. which can be verified from the
> output
>
> "keytool -list -keystore key-store.jks -storepass password
>
> Keystore type: JKS
> Keystore provider: SUN
>
> Your keystore contains 2 entries
>
> rootca, Sep 3, 2012, trustedCertEntry,
> Certificate fingerprint (MD5):
> 83:0E:47:F0:6F:00:63:BB:05:B6:8D:E2:F4:8B:E8:3D
> java-client, Sep 3, 2012, PrivateKeyEntry,
> Certificate fingerprint (MD5):
> C2:4E:DF:D8:60:39:58:B5:BB:64:C8:25:21:E4:42:80
> "
>
> In spite of all of these changes, the original problem of "PKIX path
> building failed: sun.security.provider.certpath.SunCertPathBuilderException:
> unable to find valid certification path to requested target" remains. I have
> rerun all the steps from
> http://rajith.2rlabs.com/2010/03/01/apache-qpid-securing-connections-with-ssl/
> SSL-Howto  page.
>
> Please suggest any relevant debugging/modifications.
>
> Thanks,
> Naveen
>
>
>
> --
> View this message in context: http://qpid.2158936.n2.nabble.com/Unable-to-Setup-SSL-between-Java-Client-and-C-broker-tp7581558p7581610.html
> Sent from the Apache Qpid users mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
> For additional commands, e-mail: users-help@qpid.apache.org
>

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org


Mime
View raw message