Hi! 

I'm trying to get ActiveMQ 4.1.2 working with
jaasCertificateAuthenticationPlugin. As a result
JaasCertificateAuthenticationBroker class at line 75 throws
SecurityException. I'm a bit confused because I was unable to find any info
regarding this exception. As well plain SSL connection is established well
and is working - certificates and keys are defined for ActiveMQ in SSL_OPTS
environment variable:

SSL_OPTS=-Djavax.net.ssl.keyStorePassword=<password>
-Djavax.net.ssl.keyStore="path\broker.ks"

and for options are passed as JVM arguments as follows:

-Djavax.net.ssl.keyStore="path\client.ks"
-Djavax.net.ssl.keyStorePassword="<password>"
-Djavax.net.ssl.trustStore="path\client.ts"

and client connection which is created using Spring xml configuration is
defined like this:

<amq:connectionFactory id="jmsConnectionFactory" userName="system"
password="manager" brokerURL="ssl://127.0.0.1:61617"/>

accordingly it looks like jaas configuration files (located in
{$ACTIVEMQ_BASE}/conf) are correctly picked up by ActiveMQ:
-------------
login.ocnfiguration:

activemq-domain {
    org.apache.activemq.jaas.PropertiesLoginModule required
        debug=true
        org.apache.activemq.jaas.properties.user="users.properties"
        org.apache.activemq.jaas.properties.group="groups.properties";
};
-------------
users.properties:

system=manager
user=password
guest=password
-------------
groups.properties:

admins=system
tempDestinationAdmins=system,user
users=system,user
guests=guest
-------------

at last activemq.xml - configuration file holds theese lines:
<plugins>
        <jaasCertificateAuthenticationPlugin/> 
</plugins>

as I've read in  http://activemq.apache.org/security.html
http://activemq.apache.org/security.html 

if no configuration is defined by default "login.configuration" file will be
picked up and used.

So the main question how should I pass certificate to ActiveMQ server if JVM
args are not sufficient? 
-- 
View this message in context: 
http://www.nabble.com/Unable-to-authenticate-transport-without-SSL-certificate-tp18979774p18979774.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.

Reply via email to