Hi Steve, Are you expecting it to say (literally) "DN: unavailable"? Without knowing anything else about your configuration, I'd suspect there's something not quite right about the client side certificates or perhaps the CA chain.
I would expect the Distinguished Name to reflect the client's "subject" on the cert. But again, just a guess. On my configuration -- granted it's ActiveMQ classic, it's a bit different -- I often check the server side with (on Linux): openssl s_client -connect host:5671 -showcerts -cert certificate.cer -key key.pem That assumes that you have x509 PEM formatted certificate and key files. If you have DER formatted files you can add "-certform DER" and/or "-keyform DER" to the command. If you have PKCS#12 you'd have to convert it first. -Frank On Wed, Nov 30, 2022 at 4:46 PM Steve Hiller <steve.hil...@randstadusa.com> wrote: > Hi Justin, > > Thanks for the quick reply! I just wanted to make sure I didn't do > something wrong from a security point of view. > In particular, I'm trying to understand why certain 172.x.x.x > addresses keep causing the warnings. > > Steve > > On Wed, Nov 30, 2022 at 4:14 PM Justin Bertram <jbert...@apache.org> > wrote: > > > > This looks like a normal WARN message about a connection attempt from an > > unauthenticated user. It's not a problem, per se. You can adjust the > > logging to omit it if you want. > > > > Do you have reason to believe this WARN message is not legitimate? > > > > > > Justin > > > > On Wed, Nov 30, 2022 at 3:07 PM Steve Hiller < > steve.hil...@randstadusa.com> > > wrote: > > > > > Hi All, > > > > > > I am going the following warning in the logs for my > > > kubernetes-deployed Artemis instance: > > > > > > 2022-11-30 20:18:10,015 WARN > > > [org.apache.activemq.artemis.core.server] AMQ222216: Security problem > > > while authenticating: AMQ229031: Unable to validate user from > > > /172.28.2.78:57456. Username: artemis; SSL certificate subject DN: > > > unavailable > > > > > > This message is produced for a variety of IP addresses and ports but > > > all for username artemis. I've done some googling but didn't see any > > > clear advice. My setup is as follows: > > > > > > Single Artemis instance, deployed to a Google kubernetes cluster, > > > using the Docker image based on the > > > apache-artemis-2.26.0-Source/artemis-docker sample. > > > > > > Any advice on this issue would be greatly appreciated! > > > > > > Thanks, > > > > > > Steve Hiller > > > > > > -- > > > This email message is for the sole use of the intended recipient(s) and > > > may > > > contain confidential and privileged information. Any unauthorized > review, > > > use, disclosure or distribution is prohibited. If you are not the > intended > > > recipient, please contact the sender by reply email and destroy all > copies > > > of the original message. > > > > > > > > > > -- > Steve Hiller > Manager, Software Development (Engagement) > > Randstad > 6750 North Andrews Avenue > Ft. Lauderdale, FL 33309 > 954.308.8230 (o) > 954.483.8452 (m) > steve.hil...@randstadusa.com > www.randstad.com > > This email message is for the sole use of the intended recipient(s) > and may contain confidential and privileged information. Any > unauthorized review, use, disclosure or distribution is prohibited. > If you are not the intended recipient, please contact the sender by > reply email and destroy all copies of the original message. > > -- > This email message is for the sole use of the intended recipient(s) and > may > contain confidential and privileged information. Any unauthorized review, > use, disclosure or distribution is prohibited. If you are not the intended > recipient, please contact the sender by reply email and destroy all copies > of the original message. > -- Frank
