Hi,

We have traced the problem down to the failover transport.

If the "failover" transport is removed from the configuration I showed above, then the Trust and KeyManagers are overridden as expected and the certificates are validated against our own keystore. As soon as failover is added back in, we see that validation of certificates is performed against the default Java "cacerts" instead of our own keystore. So it looks like Failover is not using our overridden instance of ActiveMQConnectionFactory anymore.

Here are some SSL logs when Failover is included which show that the default Java truststore is used:

keyStore is :
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
trustStore is: /usr/lib/jvm/java-6-sun-1.6.0.16/jre/lib/security/cacerts
trustStore type is : jks

Does this sound like a bug or is there something we can do to ensure that Failover makes use of our overridden ConnectionFactory?

Thanks and BRegards
Andrew