Hi, I just created an enhancement request to allow configuring clients with <sslContext> tag - https://issues.apache.org/activemq/browse/AMQ-2642
I haven't looked at the AMQ-1754 patch yet, but this message usually appears when certificates cannot be found. Are you sure you have keystore/truststore in the right places?

Cheers
--
Dejan Bosanac - http://twitter.com/dejanb

Open Source Integration - http://fusesource.com/
ActiveMQ in Action - http://www.manning.com/snyder/
Blog - http://www.nighttale.net

On Mon, Mar 8, 2010 at 6:07 PM, ee7arh <andrew.hu...@2e-systems.com> wrote:

> Hi,
>
> I have a broker application which needs to connect to another broker using
> fake certificates. Therefore I followed the instructions on the ActiveMQ
> website and created certificates and imported them as described in the
> tutorial:
>
> http://activemq.apache.org/how-do-i-use-ssl.html ActiveMQ SSL HowTo
>
> When I set system wide properties as follows, it works fine:
>
> javax.net.ssl.keyStore=/path/to/client.ks
> javax.net.ssl.keyStorePassword=password
> javax.net.ssl.trustStore=/path/to/client.ts
>
> However my broker also needs to connect using SSL in other unrelated parts
> of the application and since I have overridden the default keystores, I am
> having problems since I have overridden the default java keystore.
>
> In the tutorial it offers a solution on the broker side of things to get
> around this by using the "sslContext" property in the broker. However it
> does not offer a solution from the client's perspective.
>
> I tried downloading the 2nd patch from:
>
> http://issues.apache.org/activemq/browse/AMQ-1754
>
> so that I can set the Keystore and Truststores on the factory level but
> this simply did not work. It looks like even though I override the
> ConnectionFactory, it is never used.
>
> I am setting up the following Beans from spring so that I can connect via
> Camel. Notice I have overridden the ActiveMQConnectionFactory with the
> patch:
>
> <bean id="sslConnectionFactory"
>       class="com.downloadedfrom.amq1754.ActiveMQSslConnectionFactoryx">
>   <property name="brokerURL"
>             value="failover:(ssl:remoteHostBroker:1818)?startupMaxReconnectAttempts=5&amp;initialReconnectDelay=1000&amp;useExponentialBackOff=true" />
>   <property name="userName" value="${jms.username}" />
>   <property name="password" value="${jms.password}" />
>   <property name="keyStore" value="../config/client.ks" />
>   <property name="keyStorePassword" value="password" />
>   <property name="trustStore" value="../config/client.ts" />
>   <property name="trustStorePassword" value="password" />
> </bean>
>
> <!-- Queue connection so that Camel can use the connection -->
> <bean id="myJmsComponent"
>       class="org.apache.activemq.camel.component.ActiveMQComponent">
>   <property name="connectionFactory">
>     <bean id="conxFactory"
>           factory-bean="sslConnectionFactory"
>           factory-method="getInstance"/>
>   </property>
> </bean>
>
> I modified the patch slightly so that it can be instantiated from Spring,
> here is my modified version.
>
> http://old.nabble.com/file/p27824328/ActiveMQSslConnectionFactoryx.java
> ActiveMQSslConnectionFactoryx.java
>
> When I try to connect, I always get this error which indicates that the
> certificate is not found:
>
> Could not refresh JMS Connection for destination '2eQueue' - retrying in 5000 ms. Cause: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>
> Does anyone have an idea how I can specify the trust and keystores on a
> specific connection rather than having to rely on the System wide
> properties?
>
> Thanks and BRegards
> Andrew
>
> --
> View this message in context:
> http://old.nabble.com/Client-side-SSL-with-specified-Key-and-Truststores-tp27824328p27824328.html
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
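
One way to build per-connection TLS material from explicit key and trust store paths using only standard JSSE classes, so the system-wide javax.net.ssl.* properties stay untouched (an added example, not code from the thread or from the AMQ-1754 patch). The class and method names are hypothetical; the paths and password are the ones quoted in the thread, and the key password is assumed to equal the store password.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/** Added example: TLS material scoped to one connection, no javax.net.ssl.* system properties. */
public class PerConnectionSslContext {

    /** Loads a JKS store from an explicit path; fails fast, naming the resolved path, if missing or empty. */
    static KeyStore load(String location, char[] password)
            throws IOException, GeneralSecurityException {
        Path path = Paths.get(location).toAbsolutePath().normalize();
        if (!Files.isReadable(path)) {
            throw new IOException("store not readable: " + path);
        }
        KeyStore store = KeyStore.getInstance("JKS");
        try (InputStream in = Files.newInputStream(path)) {
            store.load(in, password);
        }
        if (store.size() == 0) {
            throw new GeneralSecurityException("store has no entries: " + path);
        }
        return store;
    }

    /** Builds an SSLContext that trusts only trustStore and authenticates with keyStore. */
    static SSLContext build(String keyStore, char[] keyPass, String trustStore, char[] trustPass)
            throws IOException, GeneralSecurityException {
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(load(keyStore, keyPass), keyPass); // assumption: key password == store password
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(load(trustStore, trustPass));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx; // the JVM-wide default context is left untouched
    }

    public static void main(String[] args) throws Exception {
        // Paths and password are the ones quoted in the thread; adjust to the real deployment.
        char[] pass = "password".toCharArray();
        SSLContext ctx = build("../config/client.ks", pass, "../config/client.ts", pass);
        System.out.println("context ready: " + ctx.getProtocol());
    }
}
```

Relative paths such as ../config/client.ts resolve against the JVM's working directory, which is why load reports the absolute path it actually tried.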