It appears that my problem was due to the cert and keystores supplied with my 5.1.0 installation. When I generated my keystore I did not specify a CN. However there was a CN in the keystore with the value "localhost" from the installation. I guess the broker just used the first cert under the alias "broker" which would have been the older, and expired CN of "localhost".
Removing conf/broker.ks and re-generating it along with exporting a cert made things work perfectly. On Mac OS X I also chose to install the cert system wide using the command: sudo keytool -import -alias broker -keystore /Library/Java/Home/lib/security/cacerts -file /Applications/apache-activemq-5.1.0/conf/broker.cert The only downside with this approach is that system upgrades could potentially override the certs. BTW: it'd be nice to have the ActiveMQ wiki updated in respect of SSL - perhaps a mention to remove the existing keystore first would be useful. :-) -- View this message in context: http://www.nabble.com/Mac-OS-X-Active-MQ-SSL-tp22428287p22432178.html Sent from the ActiveMQ - User mailing list archive at Nabble.com.