All geek questions in one place

Built-in ActiveMQ SSL broker

I am trying to configure an integrated ActiveMQ broker that supports SSL.

Im continuously getting the same msg error:

ActiveMQ Transport Server: ssl://localhost:61613, called closeSocket() 2012-05-04 12:53:11,961 [ActiveMQ Transport Server: ssl://localhost:61613] ERROR broker.TransportConnector - Could not accept connection : No available certificate or key corresponds to the SSL cipher suites which are enabled.

A search on this issue indicates a possible malfunction in creating a keystore and trust store.

I tried to create a keystore and trust store using these guides without success. http://docs.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore

http://activemq.apache.org/how-do-i-use-ssl.html

I am trying to set this in grails and im by defining embeddedActiveMq inside conf / spring / resources.groovy as shown below:

 SpringSslContext sslContext = new SpringSslContext() FileSystemResource keyStoreResource = new FileSystemResource("/path/to/keyStore") FileSystemResource trustStoreResource = new FileSystemResource("/path/to/trustStore") sslContext.setKeyStore(keyStoreResource) sslContext.setKeyStorePassword("password") sslContext.setTrustStore(trustStoreResource) sslContext.setTrustStorePassword("trustword") SslBrokerService broker = new SslBrokerService() broker.setBrokerName("broker") broker.setPersistent(true) broker.setUseJmx(true) broker.setSslContext(sslContext) TransportConnector connector = new TransportConnector connector.setUri(new("ssl://localhost:61613")) broker.addConnector(connector) broker.start()

I cannot get any other debugging information using

  System.setProperty("javax.net.debug", "ssl,handshake,data,trustmanager,keymanager")

May there be a problem with java still trying to use certificate files in jre6 / lib / security?

Is there anything specific you need to do to force a keystore, etc. work correctly?

+6
source share
2 answers

Take a look at ActiveMQ unit tests, especially the SslBrokerServiceTest . It shows how to configure SslBrokerService correctly and how to create KeyStore and TrustStore .

+1
source

The link above (http://activemq.apache.org/how-do-i-use-ssl.html) does refer to the troubleshooting guide for your problem in Thawte . Go through these steps and see if it works.

Another hint, which can be long, but in any case - when I had problems with Java certificates (mostly DSA certificates, though - you have RSA certificates for smaller problems ), the JVM has export restrictions for certain ciphers. Here is the link to the patch. I do not think that this will be the case for you, but, in any case, the idea of ​​checking may arise.

http://www.oracle.com/technetwork/java/javase/downloads/jce-6-download-429243.html

0
source

Source: https://habr.com/ru/post/914895/

More articles:


All Articles