qpid-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From jjw tectec <jjw.tec...@gmail.com>
Subject Re: ssl not working
Date Wed, 27 Jan 2016 23:30:47 GMT
Thanks for your message Chuck. The following was the trace I obtained from
the broker:

2016-01-27 17:17:40 [Network] trace Accepting connection with optional SSL
wrapper.
2016-01-27 17:17:40 [Network] trace Accepted SSL connection.
2016-01-27 17:17:40 [Network] info Set TCP_NODELAY on connection to
127.0.0.1:49963
2016-01-27 17:17:40 [System] error Error reading socket: Success(0)
2016-01-27 17:17:40 [System] debug DISCONNECTED
[qpid.127.0.0.1:5671-127.0.0.1:49963]

By the way, in my original email I forgot to mentioned that I had
SSL-related environment variables set up at the client side also (in case
somebody thinks that might be the missing piece in the puzzle):
QPID_SSL_CERT_DB
QPID_SSL_CERT_PASSWORD
QPID_SSL_CERT_NAME

Still seeing the same issue: "qpid-send: Connect failed to
amqp:ssl:localhost:5671: Reconnect disabled"

jjw

On Wed, Jan 27, 2016 at 4:51 PM, Chuck Rolke <crolke@redhat.com> wrote:

> On both the broker and client end you can get some information from
> logging.
>
> export QPID_LOG_ENABLE=trace+
> then qpidd and qpid-send
>
> ----- Original Message -----
> > From: "jjw tectec" <jjw.tectec@gmail.com>
> > To: users@qpid.apache.org
> > Sent: Wednesday, January 27, 2016 5:02:24 PM
> > Subject: ssl not working
> >
> > I'm trying to add encryption, but couldn't get things to work.
> >
> > I've done the following (for a single broker scenario):
> >
> > 1) Ran the following script to create a certificate database:
> > mkdir ${CERT_DIR}
> > certutil -N -d ${CERT_DIR} -f ${CERT_PW_FILE}
> > certutil -S -d ${CERT_DIR} -n ${NICKNAME} -s "CN=${NICKNAME}" -t "CT,,"
> -x
> > -f ${CERT_PW_FILE} -z /usr/bin/certutil
> >
> > 2) in qpidd.conf:
> > require-encryption=yes
> > ssl-cert-db=${CERT_DIR}
> > ssl-cert-password-file=${CERT_PW_FILE}
> > ssl-cert-name=${NICKNAME}
> > ssl-port=5671
> >
> > However, when running the following:
> > qpid-send -b localhost:5671 -a 'TestQueue; {node:{type:queue}}'
> > --content-string "hello" --connection-options
> > "{transport:ssl,protocol:amqp1.0}"
> > I got "*qpid-send: Connect failed to amqp:ssl:localhost:5671: Reconnect
> > disabled*"
> >
> > What am I missing?
> >
> > Thanks,
> >
> > jjw
> >
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
> For additional commands, e-mail: users-help@qpid.apache.org
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message