Hi guru,

Excuse me, I'm new to ActiveMQ... I have built certificates/keystores as described in http://www.activemq.org/site/how-do-i-use-ssl.html (how-do-i-use-ssl).
The broker has the following configuration:
-------------------------------------------------
<beans xmlns="http://activemq.org/config/1.0">
  <bean class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
  <broker useJmx="true" persistent="true" brokerName="VladBroker">
    <transportConnectors>
      <transportConnector name="SSL" uri="ssl://localhost:61613"/>
      <transportConnector name="TCP" uri="tcp://localhost:61616"/>
    </transportConnectors>
  </broker>
</beans>
-------------------------------------------------
and starts normally:
---------console----------------------------------------
ACTIVEMQ_HOME: c:\ActiveMQ\bin\..
Loading message broker from: xbean:activemq.xml
INFO BrokerService - ActiveMQ 4.0.2 JMS Message Broker (VladBroker) is starting
INFO BrokerService - For help or more information please see:http://incubator.apache.org/activemq/
INFO ManagementContext - JMX consoles can connect to service:jmx:rmi:///jndi/rmi://localhost:1099/jmxrmi
INFO JDBCPersistenceAdapter - Database driver recognized: [apache_derby_embedded_jdbc_driver]
INFO JournalPersistenceAdapter - Journal Recovery Started from: Active Journal: using 5 x 20.0 Megs at: C:\ActiveMQ\activemq-data\journal
INFO JournalPersistenceAdapter - Journal Recovered: 0 message(s) in transactions recovered.
INFO TransportServerThreadSupport - Listening for connections at: ssl://slavar:61613
INFO TransportConnector - Connector SSL Started
INFO TransportServerThreadSupport - Listening for connections at: tcp://slavar:61616
INFO TransportConnector - Connector TCP Started
INFO BrokerService - ActiveMQ JMS Message Broker (VladBroker,ID:slavar-1604-1164726172265-1:0) started
-------------------------------------------------
The client's program fragment is as follows:
-------------------------------------------------
public class ReceiverClient {
    public static void main(String[] args) {
        final String MESSAGE_BROKER_URL = "ssl://slavar:61613";
        final String CLIENT_ID = "vladReceive";
        final String TOPIC = "testtopic2";

        // attempt to put system properties
        // needed for SSL connection
        // as described in http://www.activemq.org/site/how-do-i-use-ssl.html
        System.setProperty("javax.net.ssl.keyStore", "C:\\ActiveMQ\\client.ks");
        System.setProperty("javax.net.ssl.keyStorePassword", "password");
        System.setProperty("javax.net.ssl.trustStore", "C:\\ActiveMQ\\client.ts");

        // enabling debug output
        System.setProperty("javax.net.debug", "ssl,handshake,data,trustmanager");

        // starting communications
        JMSManager jm = new JMSManager(MESSAGE_BROKER_URL, CLIENT_ID);
        new Thread(new Receiver(jm, TOPIC)).start();
    }
}
-------------------------------------------------
After starting the client program I got the following console output:
-------------console-------------------------
setting up default SSLSocketFactory
use default SunJSSE impl class: com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl is loaded
keyStore is : C:\ActiveMQ\client.ks
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
***
found key for : client
chain [0] = [
[
  Version: V1
  Subject: CN=Client, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: Sun RSA public key, 1024 bits
  modulus: 119125831157180012241622638937390092189160437001853263361203684931436347286138557738177018166153998344463370986916053114448493751892417595464787155221273101941051608309892520802382018408256577151580997906961252558439314550554537620071874869391764812672132384452834035314691770120458734555207178162494413487159
  public exponent: 65537
  Validity: [From: Tue Nov 28 17:02:13 EET 2006,
             To: Mon Feb 26 17:02:13 EET 2007]
  Issuer: CN=Client, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
  SerialNumber: [ 456c4f75]
]
  Algorithm: [MD5withRSA]
  Signature:
0000: 3A 90 C6 F1 B8 90 53 77 95 A1 45 CB 18 10 D8 38 :.....Sw..E....8
0010: 3D F1 95 94 E7 A6 4E F7 DC 9C E9 A9 BD 61 BA 4F =.....N......a.O
0020: 76 D8 5B B4 99 43 49 2F 6B A8 F3 69 B3 87 90 F8 v.[..CI/k..i....
0030: 38 1D 5B 0D E1 B5 44 4B 4A 44 88 60 04 83 04 B2 8.[...DKJD.`....
0040: B0 BB A8 0A 82 C7 1D 51 7A 6E 62 31 E0 8C 7B 74 .......Qznb1...t
0050: AB 69 B5 48 64 90 AD 30 63 10 FE B0 3C EE C5 2F .i.Hd..0c...<../
0060: 6A 51 D2 A1 A0 56 B4 CD 59 FF E7 22 78 A8 B7 EA jQ...V..Y.."x...
0070: CF EE EE 14 16 03 F7 7D EF D6 43 4E B4 F4 13 F8 ..........CN....
]
***
trustStore is: C:\ActiveMQ\client.ts
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
  Subject: CN=Broker, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Exception in thread "main" java.lang.ExceptionInInitializerError
    at corp.sap.pal.le.amqtest.jms.client.JMSManager.init(JMSManager.java:64)
    at corp.sap.pal.le.amqtest.jms.client.JMSManager.<init>(JMSManager.java:33)
    at corp.sap.pal.le.amqtest.jms.client.ReceiverClient.main(ReceiverClient.java:37)
Caused by: javax.jms.JMSException: Could not connect to broker URL: ssl://slavar:61613. Reason: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at org.apache.activemq.util.JMSExceptionSupport.create(JMSExceptionSupport.java:33)
    at org.apache.activemq.ActiveMQConnectionFactory.createActiveMQConnection(ActiveMQConnectionFactory.java:253)
    at org.apache.activemq.ActiveMQConnectionFactory.createActiveMQConnection(ActiveMQConnectionFactory.java:212)
    at org.apache.activemq.ActiveMQConnectionFactory.createConnection(ActiveMQConnectionFactory.java:159)
    at corp.sap.pal.le.amqtest.jms.client.JMSManager.init(JMSManager.java:55)
    ... 2 more
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.AppInputStream.read(Unknown Source)
    at org.apache.activemq.transport.tcp.TcpBufferedInputStream.fill(TcpBufferedInputStream.java:49)
    at org.apache.activemq.transport.tcp.TcpBufferedInputStream.read(TcpBufferedInputStream.java:56)
    at java.io.DataInputStream.readInt(Unknown Source)
    at org.apache.activemq.openwire.OpenWireFormat.unmarshal(OpenWireFormat.java:275)
    at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:136)
    at java.lang.Thread.run(Unknown Source)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
    at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
    at sun.security.validator.Validator.validate(Unknown Source)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
    at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unknown Source)
    ... 14 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
    at java.security.cert.CertPathBuilder.build(Unknown Source)
    ... 19 more
2006.28.11 17:03:14 org.apache.activemq.ActiveMQConnection onAsyncException
WARNING: Async exception with no exception listener: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown Source)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
    at com.sun.net.ssl.internal.ssl.AppInputStream.read(Unknown Source)
    at org.apache.activemq.transport.tcp.TcpBufferedInputStream.fill(TcpBufferedInputStream.java:49)
    at org.apache.activemq.transport.tcp.TcpBufferedInputStream.read(TcpBufferedInputStream.java:56)
    at java.io.DataInputStream.readInt(Unknown Source)
    at org.apache.activemq.openwire.OpenWireFormat.unmarshal(OpenWireFormat.java:275)
    at org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:136)
    at java.lang.Thread.run(Unknown Source)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
    at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
    at sun.security.validator.Validator.validate(Unknown Source)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source)
    at com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unknown Source)
    ... 14 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
    at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown Source)
    at java.security.cert.CertPathBuilder.build(Unknown Source)
    ... 19 more
  Issuer: CN=Broker, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
  Algorithm: RSA; Serial number: 0x456c4f41
  Valid from Tue Nov 28 17:01:21 EET 2006 until Mon Feb 26 17:01:21 EET 2007
init context
trigger seeding of SecureRandom
done seeding SecureRandom
instantiated an instance of class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
main, setSoTimeout(0) called
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1164725938 bytes = { 104, 30, 199, 2, 187, 204, 113, 255, 60, 143, 243, 121, 36, 222, 8, 25, 236, 63, 217, 191, 87, 45, 125, 196, 9, 218, 218, 6 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA, TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA, SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA, SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5, SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
***
[write] MD5 and SHA1 hashes: len = 73
0000: 01 00 00 45 03 01 45 6C 4F B2 68 1E C7 02 BB CC ...E..ElO.h.....
0010: 71 FF 3C 8F F3 79 24 DE 08 19 EC 3F D9 BF 57 2D q.<..y$....?..W-
0020: 7D C4 09 DA DA 06 00 00 1E 00 04 00 05 00 2F 00 ............../.
0030: 33 00 32 00 0A 00 16 00 13 00 09 00 15 00 12 00 3.2.............
0040: 03 00 08 00 14 00 11 01 00 .........
ActiveMQ Transport: tcp://localhost/127.0.0.1:61613, WRITE: TLSv1 Handshake, length = 73
[write] MD5 and SHA1 hashes: len = 98
0000: 01 03 01 00 39 00 00 00 20 00 00 04 01 00 80 00 ....9... .......
0010: 00 05 00 00 2F 00 00 33 00 00 32 00 00 0A 07 00 ..../..3..2.....
0020: C0 00 00 16 00 00 13 00 00 09 06 00 40 00 00 15 ............@...
0030: 00 00 12 00 00 03 02 00 80 00 00 08 00 00 14 00 ................
0040: 00 11 45 6C 4F B2 68 1E C7 02 BB CC 71 FF 3C 8F ..ElO.h.....q.<.
0050: F3 79 24 DE 08 19 EC 3F D9 BF 57 2D 7D C4 09 DA .y$....?..W-....
0060: DA 06 ..
ActiveMQ Transport: tcp://localhost/127.0.0.1:61613, WRITE: SSLv2 client hello message, length = 98
ActiveMQ Transport: tcp://localhost/127.0.0.1:61613, READ: TLSv1 Handshake, length = 676
*** ServerHello, TLSv1
RandomCookie: GMT: 1164725938 bytes = { 248, 74, 66, 253, 93, 220, 60, 202, 202, 112, 29, 64, 177, 73, 33, 56, 64, 236, 105, 28, 166, 42, 153, 58, 158, 136, 142, 3 }
Session ID: {69, 108, 79, 178, 39, 232, 39, 146, 139, 217, 183, 46, 34, 162, 86, 158, 115, 6, 202, 100, 101, 39, 38, 68, 143, 237, 247, 245, 189, 242, 138, 240}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
***
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
[read] MD5 and SHA1 hashes: len = 74
0000: 02 00 00 46 03 01 45 6C 4F B2 F8 4A 42 FD 5D DC ...F..ElO..JB.].
0010: 3C CA CA 70 1D 40 B1 49 21 38 40 EC 69 1C A6 2A <..p.@.I!8@.i..*
0020: 99 3A 9E 88 8E 03 20 45 6C 4F B2 27 E8 27 92 8B .:.... ElO.'.'..
0030: D9 B7 2E 22 A2 56 9E 73 06 CA 64 65 27 26 44 8F ...".V.s..de'&D.
0040: ED F7 F5 BD F2 8A F0 00 04 00 ..........
*** Certificate chain
chain [0] = [
[
  Version: V1
  Subject: CN=Client, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
  Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
  Key: Sun RSA public key, 1024 bits
  modulus: 119125831157180012241622638937390092189160437001853263361203684931436347286138557738177018166153998344463370986916053114448493751892417595464787155221273101941051608309892520802382018408256577151580997906961252558439314550554537620071874869391764812672132384452834035314691770120458734555207178162494413487159
  public exponent: 65537
  Validity: [From: Tue Nov 28 17:02:13 EET 2006,
             To: Mon Feb 26 17:02:13 EET 2007]
  Issuer: CN=Client, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
  SerialNumber: [ 456c4f75]
]
  Algorithm: [MD5withRSA]
  Signature:
0000: 3A 90 C6 F1 B8 90 53 77 95 A1 45 CB 18 10 D8 38 :.....Sw..E....8
0010: 3D F1 95 94 E7 A6 4E F7 DC 9C E9 A9 BD 61 BA 4F =.....N......a.O
0020: 76 D8 5B B4 99 43 49 2F 6B A8 F3 69 B3 87 90 F8 v.[..CI/k..i....
0030: 38 1D 5B 0D E1 B5 44 4B 4A 44 88 60 04 83 04 B2 8.[...DKJD.`....
0040: B0 BB A8 0A 82 C7 1D 51 7A 6E 62 31 E0 8C 7B 74 .......Qznb1...t
0050: AB 69 B5 48 64 90 AD 30 63 10 FE B0 3C EE C5 2F .i.Hd..0c...<../
0060: 6A 51 D2 A1 A0 56 B4 CD 59 FF E7 22 78 A8 B7 EA jQ...V..Y.."x...
0070: CF EE EE 14 16 03 F7 7D EF D6 43 4E B4 F4 13 F8 ..........CN....
]
***
ActiveMQ Transport: tcp://localhost/127.0.0.1:61613, SEND TLSv1 ALERT: fatal, description = certificate_unknown
ActiveMQ Transport: tcp://localhost/127.0.0.1:61613, WRITE: TLSv1 Alert, length = 2
ActiveMQ Transport: tcp://localhost/127.0.0.1:61613, called closeSocket()
ActiveMQ Transport: tcp://localhost/127.0.0.1:61613, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
ActiveMQ Transport: tcp://localhost/127.0.0.1:61613, called close()
ActiveMQ Transport: tcp://localhost/127.0.0.1:61613, called closeInternal(true)
main, handling exception: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
------------------------------------------------
It seems that the program can see the keyStore and trustStore... What am I doing improperly?

PS: And what should I do to establish an SSL connection between two brokers?

Thanks in advance. And excuse my poor English.

Vlad
--
View this message in context: http://www.nabble.com/Cannot-get-SSL-client-to-broker-connection-tf2719214.html#a7581989
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
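
Added example, not part of the original post: a small triage script for a javax.net.debug trace like the one above, listing the certificates the peer presented during the handshake that have no matching entry among the "adding as trusted cert" lines. The sample trace is a constructed excerpt of the posted output, and parse_trace and unanchored are hypothetical helper names.

```python
import re

# Constructed excerpt of the trace in the post (hex dumps and stack frames dropped).
TRACE = """\
found key for : client
chain [0] = [
  Subject: CN=Client, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
adding as trusted cert:
  Subject: CN=Broker, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
Exception in thread "main" java.lang.ExceptionInInitializerError
  Issuer: CN=Broker, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
  Algorithm: RSA; Serial number: 0x456c4f41
*** ServerHello, TLSv1
*** Certificate chain
chain [0] = [
  Subject: CN=Client, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
  Issuer: CN=Client, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
  SerialNumber: [    456c4f75]
"""

FIELD = re.compile(r"(Subject|Issuer|Serial ?[Nn]umber):\s*(.+)")

def parse_trace(text):
    """Return (trusted, presented) certificate records found in the trace."""
    trusted, presented, cert, handshake = [], [], None, False
    for line in text.splitlines():
        if line.startswith("adding as trusted cert"):
            cert = {}
            trusted.append(cert)
        elif line.startswith("*** Certificate chain"):
            handshake = True
        elif line.startswith("chain ["):
            cert = {} if handshake else None  # earlier chains are the local key entry
            if handshake:
                presented.append(cert)
        elif cert is not None and (m := FIELD.search(line)):
            name = "serial" if m.group(1).startswith("Serial") else m.group(1).lower()
            value = m.group(2).strip()
            cert.setdefault(name, int(value.strip("[] "), 16) if name == "serial" else value)
    return trusted, presented

def unanchored(trusted, presented):
    """Presented certs with no trust-store match (names and serials only, no
    signature check: triage, not validation)."""
    exact = {(c.get("subject"), c.get("serial")) for c in trusted}
    issuers = {c.get("subject") for c in trusted}
    return [c for c in presented
            if (c.get("subject"), c.get("serial")) not in exact
            and (c.get("issuer") == c.get("subject") or c.get("issuer") not in issuers)]
```

On the posted trace this reports the CN=Client certificate (serial 456c4f75) that arrives after ServerHello, while the only trusted entry is CN=Broker (serial 0x456c4f41).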