Hi, I have a broker application which needs to connect to another broker using fake certificates. Therefore I followed the instructions on activeMq website and created certificates and imported them as described in the tutorial:
http://activemq.apache.org/how-do-i-use-ssl.html ActiveMQ SSL HowTo When I set system wide properties as follows, it works fine: javax.net.ssl.keyStore=/path/to/client.ks javax.net.ssl.keyStorePassword=password javax.net.ssl.trustStore=/path/to/client.ts However my broker also needs to connect using SSL in other unrelated parts of the application and since I have overridden the default keystores, I am having problems since I have overridden the default java keystore. In the tutorial it offers a solution on the broker side of things to get around this by using the "sslContext" property in the broker. However it does not offer a solution from the client's perspective. I tried downloading the 2nd patch from: http://issues.apache.org/activemq/browse/AMQ-1754 http://issues.apache.org/activemq/browse/AMQ-1754 so that I can set the Keystore and Truststores on the factory level but this simply did not work. It looks like even though I override the ConnectionFactory, it is never used. I am setting up the following Beans from spring so that I can connect via Camel. Notice I have overridden the ActiveMQConnectionFactory with the patch: <bean id = "sslConnectionFactory" class="com.downloadedfrom.amq1754.ActiveMQSslConnectionFactoryx"> <property name="brokerURL" value="failover:(ssl:remoteHostBroker:1818)?startupMaxReconnectAttempts=5&initialReconnectDelay=1000&useExponentialBackOff=true" /> <property name="userName" value="${jms.username}" /> <property name="password" value="${jms.password}" /> <property name="keyStore" value="../config/client.ks" /> <property name="keyStorePassword" value="password" /> <property name="trustStore" value="../config/client.ts" /> <property name="trustStorePassword" value="password" /> </bean> <!-- Queue conneciton so that Camel can use the connection--> <bean id="myJmsComponent" class="org.apache.activemq.camel.component.ActiveMQComponent"> <property name="connectionFactory"> <bean id="conxFactory" factory-bean="sslConnectionFactory" factory-method="getInstance"/> </property> </bean> I modified the patch slightly so that it can be instantiated from Spring, here is my modified version. http://old.nabble.com/file/p27824328/ActiveMQSslConnectionFactoryx.java ActiveMQSslConnectionFactoryx.java When I try to connect, I always get this error which indicates that the certificate is not found: Could not refresh JMS Connection for destination '2eQueue' - retrying in 5000 ms. Cause: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderExcepti on: unable to find valid certification path to requested target Does anyone have an idea how I can specify the trust and keystores on a specific connection rather than having to rely on the System wide properties? Thanks and BRegards Andrew -- View this message in context: http://old.nabble.com/Client-side-SSL-with-specified-Key-and-Truststores-tp27824328p27824328.html Sent from the ActiveMQ - User mailing list archive at Nabble.com.
