qpid-users mailing list archives

From Adel Boutros <adelbout...@live.com>
Subject RE: [Qpid Java Broker-6.0.0] Using SSL with JMS clients for AMQP
Date Thu, 02 Jun 2016 14:52:35 GMT



Hello Jakub,

Indeed that was the issue. I turned off "Client Certificate".

Now I have an exception about SASL. Can I use SSL without SASL? Is it because I am using an "External" authentication provider?

Exception in thread "main" javax.jms.JMSSecurityException: Could not find a suitable SASL mechanism for the remote peer using the available credentials.
	at org.apache.qpid.jms.provider.amqp.AmqpSaslAuthenticator.handleSaslInit(AmqpSaslAuthenticator.java:120)
	at org.apache.qpid.jms.provider.amqp.AmqpSaslAuthenticator.authenticate(AmqpSaslAuthenticator.java:87)
	at org.apache.qpid.jms.provider.amqp.AmqpProvider.processSaslAuthentication(AmqpProvider.java:827)
	at org.apache.qpid.jms.provider.amqp.AmqpProvider.processUpdates(AmqpProvider.java:814)
	at org.apache.qpid.jms.provider.amqp.AmqpProvider.access$1900(AmqpProvider.java:92)
	at org.apache.qpid.jms.provider.amqp.AmqpProvider$17.run(AmqpProvider.java:701)
	at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471)
	at java.util.concurrent.FutureTask.run(FutureTask.java:262)
	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:178)
	at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:292)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
	at java.lang.Thread.run(Thread.java:744)

Regards,
Adel

> Date: Thu, 2 Jun 2016 16:36:28 +0200
> Subject: Re: [Qpid Java Broker-6.0.0] Using SSL with JMS clients for AMQP
> From: jakub@scholz.cz
> To: users@qpid.apache.org
> 
> The bad_certificate error means that the broker doesn't like the client SSL
> certificate.
> 
> What kind of SSL authentication do you want? It looks like you configured
> the port on the broker in a way that it requires SSL client authentication
> (using the fields Need SSL Client Certificate: Yes and Want SSL Client
> Certificate: Yes). But in the client you seem to define only the truststore
> which contains the broker public key. Maybe you can try to switch the
> client authentication off in the broker.
> 
> Running the client with system property javax.net.debug set to "ssl" would
> produce a nice detailed SSL log which can help further.
> 
> Regards
> Jakub
> 
> On Thu, Jun 2, 2016 at 4:10 PM, Adel Boutros <adelboutros@live.com> wrote:
> 
> > Hello,
> >
> > I have generated a certificate for my machine using openssl 1.0.2 (openssl
> > req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -nodes).
> >
> > I have created a new Authentication Provider of type "External".
> >
> > I have created a new KeyStore of type "Non Java Key Store" and uploaded the
> > private key and certificate generated by the previous step.
> >
> > I have created a new TrustStore of type "Non Java Key Store" and uploaded
> > the certificate generated by the first step.
> >
> > I have created an AMQP port with the following configuration
> >         Name: AMQPS
> >         Port Type: AMQP
> >         Port Number: 10400
> >         Protocols: AMQP_1_0
> >         Authentication Provider: sslWithTlsProvider
> >         Binding address: *
> >         Transports: SSL
> >         Key Store: SslCertificateStore
> >         Need SSL Client Certificate: Yes
> >         Want SSL Client Certificate: Yes
> >         Trust Stores: SSLTrustStore
> >         Number of connection threads: 8
> >
> > I restarted the broker after all of this configuration.
> >
> > Now, I want to have a JMS consumer connect to this broker using SSL. I
> > couldn't find any documentation about it beside the doc page
> > (https://qpid.apache.org/releases/qpid-jms-0.8.0/docs/index.html) which
> > doesn't provide an example or detailed information.
> >
> > I created a trustStore for the JMS client and added the certificate to it
> > (keytool -import -file cert.pem --keystore D:\qpid-broker\myTrustStore) but
> > it isn't working
> >
> > Can you please help me setup a working example?
> >
> > PS: I am using Non Java stores because I will have Proton-c clients later
> > on.
> >
> > public static void main(String[] args) throws JMSException {
> >     System.setProperty("javax.net.ssl.trustStore",
> > "D:\\qpid-broker\\myTrustStore");
> >     System.setProperty("javax.net.ssl.trustStorePassword", "password");
> >     ConnectionFactory connectionFactory = new
> > JmsConnectionFactory("amqps://aboutros:10400");
> >     Connection connection = connectionFactory.createConnection();
> > }
> >
> > Error: javax.net.ssl.SSLException: Received fatal alert: bad_certificate
> >
> > Regards,
> > Adel
> >
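
Added example, not part of the original thread and not code from the Qpid project: a client-side setup that matches a port with "Need SSL Client Certificate: Yes" and an "External" authentication provider, where SASL EXTERNAL takes the identity from the TLS client certificate. It first checks that the key store really holds a private key, since a store filled only with "keytool -import -file cert.pem" has trusted-certificate entries and cannot serve as a client identity. The key store path, its JKS type and the password are assumptions; the trust store path and broker URI are the ones quoted in the thread.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;
import javax.jms.Connection;
import org.apache.qpid.jms.JmsConnectionFactory;

public class AmqpsExternalClient {
    // Trust store path as quoted in the thread; key store path and password are hypothetical.
    static final String TRUST_STORE = "D:\\qpid-broker\\myTrustStore";
    static final String KEY_STORE = "D:\\qpid-broker\\myKeyStore"; // assumed: JKS with the client key pair
    static final String PASSWORD = "password";

    // True if the store has at least one private-key entry, i.e. something
    // the client can present when the broker asks for a certificate.
    static boolean hasPrivateKey(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.isKeyEntry(alias)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        if (!hasPrivateKey(KEY_STORE, PASSWORD.toCharArray())) {
            throw new IllegalStateException("No private key entry in " + KEY_STORE
                    + "; the client would have no certificate to present");
        }
        // Standard JSSE properties. Qpid JMS documents them as the defaults for its
        // transport.trustStoreLocation / transport.keyStoreLocation options.
        System.setProperty("javax.net.ssl.trustStore", TRUST_STORE);
        System.setProperty("javax.net.ssl.trustStorePassword", PASSWORD);
        System.setProperty("javax.net.ssl.keyStore", KEY_STORE);
        System.setProperty("javax.net.ssl.keyStorePassword", PASSWORD);

        JmsConnectionFactory factory = new JmsConnectionFactory("amqps://aboutros:10400");
        Connection connection = factory.createConnection();
        try {
            connection.start(); // TLS handshake with client certificate, then SASL negotiation
        } finally {
            connection.close();
        }
    }
}
```

The broker must trust the certificate the client presents, so the client certificate (or its issuer) has to be in the trust store assigned to the port. Give the client its own key pair rather than a copy of the broker's private key.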