Hi,
I have setup the ssl in the broker as follows,
<sslContext>
<sslContext keyStore="file:${activemq.base}/conf/broker.ks"
keyStorePassword="password"
trustStore="file:${activemq.base}/conf/broker.ts"
trustStorePassword="password"/>
</sslContext>
And specified he transport connector as,
<transportConnector name="ssl" uri="ssl://0.0.0.0:443"/>
With this configuraton broker starts, but when I connect to it using a java
consumer as,
ActiveMQConnectionFactory factory =
new ActiveMQConnectionFactory("ssl://<server-ip>:443");
I got the error,
Could not connect to broker URL: ssl://<server-ip>:443. Reason:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
And in the activemq logs, it says,
ERROR | Could not accept connection : javax.net.ssl.SSLHandshakeException:
Received fatal alert: certificate_unknown
I have followed the steps specified in
http://activemq.apache.org/how-do-i-use-ssl.html, to generate and register
the certificate.
Also, set the
SSL_OPTS=-Djavax.net.ssl.keyStore=MessageBrokerRoot/conf/broker.ks.
But still getting the same error.
How can I set the,
javax.net.ssl.keyStore=/path/to/client.ks
javax.net.ssl.keyStorePassword=password
javax.net.ssl.trustStore=/path/to/client.ts
And do I need to do any thing different at the client side, while connecting
instead of changing url form tcp to ssl.
Let me know your inputs.
Thanks
Manu
--
View this message in context:
http://activemq.2283324.n4.nabble.com/Unable-to-connect-to-broker-over-ssl-tp4041082p4041082.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
