Hi guru,
Excuse me, I'm new to ActiveMQ...
I have built certificates/keystores as described in
http://www.activemq.org/site/how-do-i-use-ssl.html .
The broker has the following configuration:
-------------------------------------------------
<beans xmlns="http://activemq.org/config/1.0">
<bean
class="org.springframework.beans.factory.config.PropertyPlaceholderConfigurer"/>
<broker useJmx="true" persistent="true" brokerName="VladBroker">
<transportConnectors>
<transportConnector name="SSL" uri="ssl://localhost:61613"/>
<transportConnector name="TCP" uri="tcp://localhost:61616"/>
</transportConnectors>
</broker>
</beans>
-------------------------------------------------
and starts normally:
---------console----------------------------------------
ACTIVEMQ_HOME: c:\ActiveMQ\bin\..
Loading message broker from: xbean:activemq.xml
INFO BrokerService - ActiveMQ 4.0.2 JMS Message Broker
(VladBroker) is starting
INFO BrokerService - For help or more information please
see:http://incubator.apache.org/activemq/
INFO ManagementContext - JMX consoles can connect to
service:jmx:rmi:///jndi/rmi://localhost:1099/jmxrmi
INFO JDBCPersistenceAdapter - Database driver recognized:
[apache_derby_embedded_jdbc_driver]
INFO JournalPersistenceAdapter - Journal Recovery Started from: Active
Journal: using 5 x 20.0 Megs at: C:\ActiveMQ\activemq-data\journal
INFO JournalPersistenceAdapter - Journal Recovered: 0 message(s) in
transactions recovered.
INFO TransportServerThreadSupport - Listening for connections at:
ssl://slavar:61613
INFO TransportConnector - Connector SSL Started
INFO TransportServerThreadSupport - Listening for connections at:
tcp://slavar:61616
INFO TransportConnector - Connector TCP Started
INFO BrokerService - ActiveMQ JMS Message Broker
(VladBroker,ID:slavar-1604-1164726172265-1:0) started
-------------------------------------------------
The client program fragment is as follows:
-------------------------------------------------
public class ReceiverClient {
    public static void main(String[] args) {
        final String MESSAGE_BROKER_URL = "ssl://slavar:61613";
        final String CLIENT_ID = "vladReceive";
        final String TOPIC = "testtopic2";
        // attempt to set the system properties
        // needed for the SSL connection
        // as described in
        // http://www.activemq.org/site/how-do-i-use-ssl.html
        System.setProperty("javax.net.ssl.keyStore",
                "C:\\ActiveMQ\\client.ks");
        System.setProperty("javax.net.ssl.keyStorePassword",
                "password");
        System.setProperty("javax.net.ssl.trustStore",
                "C:\\ActiveMQ\\client.ts");
        // enabling debug output
        System.setProperty("javax.net.debug",
                "ssl,handshake,data,trustmanager");
        // starting communications
        // (JMSManager and Receiver are the poster's own classes, not shown here)
        JMSManager jm = new JMSManager(MESSAGE_BROKER_URL, CLIENT_ID);
        new Thread(new Receiver(jm, TOPIC)).start();
    }
}
-------------------------------------------------
After starting the client program I got the following console output:
-------------console-------------------------
setting up default SSLSocketFactory
use default SunJSSE impl class:
com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
class com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl is loaded
keyStore is : C:\ActiveMQ\client.ks
keyStore type is : jks
keyStore provider is :
init keystore
init keymanager of type SunX509
***
found key for : client
chain [0] = [
[
Version: V1
Subject: CN=Client, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown,
C=Unknown
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: Sun RSA public key, 1024 bits
modulus:
119125831157180012241622638937390092189160437001853263361203684931436347286138557738177018166153998344463370986916053114448493751892417595464787155221273101941051608309892520802382018408256577151580997906961252558439314550554537620071874869391764812672132384452834035314691770120458734555207178162494413487159
public exponent: 65537
Validity: [From: Tue Nov 28 17:02:13 EET 2006,
To: Mon Feb 26 17:02:13 EET 2007]
Issuer: CN=Client, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
SerialNumber: [ 456c4f75]
]
Algorithm: [MD5withRSA]
Signature:
0000: 3A 90 C6 F1 B8 90 53 77 95 A1 45 CB 18 10 D8 38 :.....Sw..E....8
0010: 3D F1 95 94 E7 A6 4E F7 DC 9C E9 A9 BD 61 BA 4F =.....N......a.O
0020: 76 D8 5B B4 99 43 49 2F 6B A8 F3 69 B3 87 90 F8 v.[..CI/k..i....
0030: 38 1D 5B 0D E1 B5 44 4B 4A 44 88 60 04 83 04 B2 8.[...DKJD.`....
0040: B0 BB A8 0A 82 C7 1D 51 7A 6E 62 31 E0 8C 7B 74 .......Qznb1...t
0050: AB 69 B5 48 64 90 AD 30 63 10 FE B0 3C EE C5 2F .i.Hd..0c...<../
0060: 6A 51 D2 A1 A0 56 B4 CD 59 FF E7 22 78 A8 B7 EA jQ...V..Y.."x...
0070: CF EE EE 14 16 03 F7 7D EF D6 43 4E B4 F4 13 F8 ..........CN....
]
***
trustStore is: C:\ActiveMQ\client.ts
trustStore type is : jks
trustStore provider is :
init truststore
adding as trusted cert:
Subject: CN=Broker, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown,
C=Unknown
Exception in thread "main" java.lang.ExceptionInInitializerError
at
corp.sap.pal.le.amqtest.jms.client.JMSManager.init(JMSManager.java:64)
at
corp.sap.pal.le.amqtest.jms.client.JMSManager.<init>(JMSManager.java:33)
at
corp.sap.pal.le.amqtest.jms.client.ReceiverClient.main(ReceiverClient.java:37)
Caused by: javax.jms.JMSException: Could not connect to broker URL:
ssl://slavar:61613. Reason: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
at
org.apache.activemq.util.JMSExceptionSupport.create(JMSExceptionSupport.java:33)
at
org.apache.activemq.ActiveMQConnectionFactory.createActiveMQConnection(ActiveMQConnectionFactory.java:253)
at
org.apache.activemq.ActiveMQConnectionFactory.createActiveMQConnection(ActiveMQConnectionFactory.java:212)
at
org.apache.activemq.ActiveMQConnectionFactory.createConnection(ActiveMQConnectionFactory.java:159)
at
corp.sap.pal.le.amqtest.jms.client.JMSManager.init(JMSManager.java:55)
... 2 more
Caused by: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown
Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown
Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown
Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown
Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(Unknown
Source)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(Unknown Source)
at
org.apache.activemq.transport.tcp.TcpBufferedInputStream.fill(TcpBufferedInputStream.java:49)
at
org.apache.activemq.transport.tcp.TcpBufferedInputStream.read(TcpBufferedInputStream.java:56)
at java.io.DataInputStream.readInt(Unknown Source)
at
org.apache.activemq.openwire.OpenWireFormat.unmarshal(OpenWireFormat.java:275)
at
org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:136)
at java.lang.Thread.run(Unknown Source)
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
Source)
at
com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unknown
Source)
... 14 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown
Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 19 more
2006.28.11 17:03:14 org.apache.activemq.ActiveMQConnection onAsyncException
WARNING: Async exception with no exception listener:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Unknown Source)
at
com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(Unknown
Source)
at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(Unknown
Source)
at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Unknown Source)
at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Unknown
Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
at
com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown
Source)
at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(Unknown
Source)
at com.sun.net.ssl.internal.ssl.AppInputStream.read(Unknown Source)
at
org.apache.activemq.transport.tcp.TcpBufferedInputStream.fill(TcpBufferedInputStream.java:49)
at
org.apache.activemq.transport.tcp.TcpBufferedInputStream.read(TcpBufferedInputStream.java:56)
at java.io.DataInputStream.readInt(Unknown Source)
at
org.apache.activemq.openwire.OpenWireFormat.unmarshal(OpenWireFormat.java:275)
at
org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:136)
at java.lang.Thread.run(Unknown Source)
Caused by: sun.security.validator.ValidatorException: PKIX path building
failed: sun.security.provider.certpath.SunCertPathBuilderException: unable
to find valid certification path to requested target
at sun.security.validator.PKIXValidator.doBuild(Unknown Source)
at sun.security.validator.PKIXValidator.engineValidate(Unknown Source)
at sun.security.validator.Validator.validate(Unknown Source)
at
com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown
Source)
at
com.sun.net.ssl.internal.ssl.JsseX509TrustManager.checkServerTrusted(Unknown
Source)
... 14 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException:
unable to find valid certification path to requested target
at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(Unknown
Source)
at java.security.cert.CertPathBuilder.build(Unknown Source)
... 19 more
Issuer: CN=Broker, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown,
C=Unknown
Algorithm: RSA; Serial number: 0x456c4f41
Valid from Tue Nov 28 17:01:21 EET 2006 until Mon Feb 26 17:01:21 EET 2007
init context
trigger seeding of SecureRandom
done seeding SecureRandom
instantiated an instance of class
com.sun.net.ssl.internal.ssl.SSLSocketFactoryImpl
main, setSoTimeout(0) called
%% No cached client session
*** ClientHello, TLSv1
RandomCookie: GMT: 1164725938 bytes = { 104, 30, 199, 2, 187, 204, 113,
255, 60, 143, 243, 121, 36, 222, 8, 25, 236, 63, 217, 191, 87, 45, 125, 196,
9, 218, 218, 6 }
Session ID: {}
Cipher Suites: [SSL_RSA_WITH_RC4_128_MD5, SSL_RSA_WITH_RC4_128_SHA,
TLS_RSA_WITH_AES_128_CBC_SHA, TLS_DHE_RSA_WITH_AES_128_CBC_SHA,
TLS_DHE_DSS_WITH_AES_128_CBC_SHA, SSL_RSA_WITH_3DES_EDE_CBC_SHA,
SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA, SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,
SSL_RSA_WITH_DES_CBC_SHA, SSL_DHE_RSA_WITH_DES_CBC_SHA,
SSL_DHE_DSS_WITH_DES_CBC_SHA, SSL_RSA_EXPORT_WITH_RC4_40_MD5,
SSL_RSA_EXPORT_WITH_DES40_CBC_SHA, SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA,
SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA]
Compression Methods: { 0 }
***
[write] MD5 and SHA1 hashes: len = 73
0000: 01 00 00 45 03 01 45 6C 4F B2 68 1E C7 02 BB CC ...E..ElO.h.....
0010: 71 FF 3C 8F F3 79 24 DE 08 19 EC 3F D9 BF 57 2D q.<..y$....?..W-
0020: 7D C4 09 DA DA 06 00 00 1E 00 04 00 05 00 2F 00 ............../.
0030: 33 00 32 00 0A 00 16 00 13 00 09 00 15 00 12 00 3.2.............
0040: 03 00 08 00 14 00 11 01 00 .........
ActiveMQ Transport: tcp://localhost/127.0.0.1:61613, WRITE: TLSv1 Handshake,
length = 73
[write] MD5 and SHA1 hashes: len = 98
0000: 01 03 01 00 39 00 00 00 20 00 00 04 01 00 80 00 ....9... .......
0010: 00 05 00 00 2F 00 00 33 00 00 32 00 00 0A 07 00 ..../..3..2.....
0020: C0 00 00 16 00 00 13 00 00 09 06 00 40 00 00 15 [EMAIL PROTECTED]
0030: 00 00 12 00 00 03 02 00 80 00 00 08 00 00 14 00 ................
0040: 00 11 45 6C 4F B2 68 1E C7 02 BB CC 71 FF 3C 8F ..ElO.h.....q.<.
0050: F3 79 24 DE 08 19 EC 3F D9 BF 57 2D 7D C4 09 DA .y$....?..W-....
0060: DA 06 ..
ActiveMQ Transport: tcp://localhost/127.0.0.1:61613, WRITE: SSLv2 client
hello message, length = 98
ActiveMQ Transport: tcp://localhost/127.0.0.1:61613, READ: TLSv1 Handshake,
length = 676
*** ServerHello, TLSv1
RandomCookie: GMT: 1164725938 bytes = { 248, 74, 66, 253, 93, 220, 60, 202,
202, 112, 29, 64, 177, 73, 33, 56, 64, 236, 105, 28, 166, 42, 153, 58, 158,
136, 142, 3 }
Session ID: {69, 108, 79, 178, 39, 232, 39, 146, 139, 217, 183, 46, 34,
162, 86, 158, 115, 6, 202, 100, 101, 39, 38, 68, 143, 237, 247, 245, 189,
242, 138, 240}
Cipher Suite: SSL_RSA_WITH_RC4_128_MD5
Compression Method: 0
***
%% Created: [Session-1, SSL_RSA_WITH_RC4_128_MD5]
** SSL_RSA_WITH_RC4_128_MD5
[read] MD5 and SHA1 hashes: len = 74
0000: 02 00 00 46 03 01 45 6C 4F B2 F8 4A 42 FD 5D DC ...F..ElO..JB.].
0010: 3C CA CA 70 1D 40 B1 49 21 38 40 EC 69 1C A6 2A <[EMAIL PROTECTED]@.i..*
0020: 99 3A 9E 88 8E 03 20 45 6C 4F B2 27 E8 27 92 8B .:.... ElO.'.'..
0030: D9 B7 2E 22 A2 56 9E 73 06 CA 64 65 27 26 44 8F ...".V.s..de'&D.
0040: ED F7 F5 BD F2 8A F0 00 04 00 ..........
*** Certificate chain
chain [0] = [
[
Version: V1
Subject: CN=Client, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown,
C=Unknown
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: Sun RSA public key, 1024 bits
modulus:
119125831157180012241622638937390092189160437001853263361203684931436347286138557738177018166153998344463370986916053114448493751892417595464787155221273101941051608309892520802382018408256577151580997906961252558439314550554537620071874869391764812672132384452834035314691770120458734555207178162494413487159
public exponent: 65537
Validity: [From: Tue Nov 28 17:02:13 EET 2006,
To: Mon Feb 26 17:02:13 EET 2007]
Issuer: CN=Client, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown
SerialNumber: [ 456c4f75]
]
Algorithm: [MD5withRSA]
Signature:
0000: 3A 90 C6 F1 B8 90 53 77 95 A1 45 CB 18 10 D8 38 :.....Sw..E....8
0010: 3D F1 95 94 E7 A6 4E F7 DC 9C E9 A9 BD 61 BA 4F =.....N......a.O
0020: 76 D8 5B B4 99 43 49 2F 6B A8 F3 69 B3 87 90 F8 v.[..CI/k..i....
0030: 38 1D 5B 0D E1 B5 44 4B 4A 44 88 60 04 83 04 B2 8.[...DKJD.`....
0040: B0 BB A8 0A 82 C7 1D 51 7A 6E 62 31 E0 8C 7B 74 .......Qznb1...t
0050: AB 69 B5 48 64 90 AD 30 63 10 FE B0 3C EE C5 2F .i.Hd..0c...<../
0060: 6A 51 D2 A1 A0 56 B4 CD 59 FF E7 22 78 A8 B7 EA jQ...V..Y.."x...
0070: CF EE EE 14 16 03 F7 7D EF D6 43 4E B4 F4 13 F8 ..........CN....
]
***
ActiveMQ Transport: tcp://localhost/127.0.0.1:61613, SEND TLSv1 ALERT:
fatal, description = certificate_unknown
ActiveMQ Transport: tcp://localhost/127.0.0.1:61613, WRITE: TLSv1 Alert,
length = 2
ActiveMQ Transport: tcp://localhost/127.0.0.1:61613, called closeSocket()
ActiveMQ Transport: tcp://localhost/127.0.0.1:61613, handling exception:
javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
ActiveMQ Transport: tcp://localhost/127.0.0.1:61613, called close()
ActiveMQ Transport: tcp://localhost/127.0.0.1:61613, called
closeInternal(true)
main, handling exception: javax.net.ssl.SSLHandshakeException:
sun.security.validator.ValidatorException: PKIX path building failed:
sun.security.provider.certpath.SunCertPathBuilderException: unable to find
valid certification path to requested target
------------------------------------------------
It seems that the program can see the keyStore and trustStore...
What am I doing wrong?
PS:
And what should be done to establish an SSL connection between two brokers?
Thanks in advance.
And excuse my poor English.
Vlad
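The debug output above is worth reading side by side: the client's trust store is loaded with one trusted certificate (Subject CN=Broker), yet the "Certificate chain" the broker actually presents during the handshake carries Subject CN=Client, and the PKIX validator rejects it with "unable to find valid certification path to requested target". The following utility is an added example, not code from Vlad's post or from ActiveMQ. It reproduces the JSSE trust decision offline: it loads the key store the broker is configured with, pulls the certificate chain for the broker's key alias, lists what the client trust store trusts, and runs the chain through the same X509TrustManager.checkServerTrusted() call the handshake uses. The paths C:\ActiveMQ\broker.ks and C:\ActiveMQ\client.ts, the alias "broker" and the password "password" are assumptions; substitute whatever the keytool commands from the how-to produced.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/**
 * Offline trust check: does the client trust store accept the certificate
 * chain the broker will present? No network connection is made; this runs
 * the same validator step that JSSE runs during the handshake.
 */
public class TrustCheck {

    /** Load a JKS key store or trust store from disk. */
    static KeyStore load(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        return ks;
    }

    /** Subject of every trusted certificate in a trust store, keyed by alias. */
    static List<String> trustedSubjects(KeyStore trustStore) throws Exception {
        List<String> subjects = new ArrayList<>();
        for (String alias : Collections.list(trustStore.aliases())) {
            Certificate c = trustStore.getCertificate(alias);
            if (c instanceof X509Certificate) {
                subjects.add(alias + " -> "
                        + ((X509Certificate) c).getSubjectX500Principal().getName());
            }
        }
        return subjects;
    }

    /** Returns null when the chain validates, otherwise the validator's message. */
    static String validate(KeyStore trustStore, X509Certificate[] chain) throws Exception {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                try {
                    // "RSA" is the key-exchange authType for the RSA suites in the log
                    ((X509TrustManager) tm).checkServerTrusted(chain, "RSA");
                    return null;
                } catch (CertificateException e) {
                    return e.getMessage();
                }
            }
        }
        throw new IllegalStateException("no X509TrustManager available");
    }

    public static void main(String[] args) throws Exception {
        // Assumed locations and names; adjust to the keytool commands actually used.
        String brokerKeyStore = "C:\\ActiveMQ\\broker.ks";
        String brokerAlias = "broker";
        String clientTrustStore = "C:\\ActiveMQ\\client.ts";
        char[] password = "password".toCharArray();

        KeyStore ks = load(brokerKeyStore, password);
        Certificate[] raw = ks.getCertificateChain(brokerAlias);
        if (raw == null) {
            throw new IllegalArgumentException("no key entry for alias " + brokerAlias);
        }
        X509Certificate[] chain = new X509Certificate[raw.length];
        for (int i = 0; i < raw.length; i++) {
            chain[i] = (X509Certificate) raw[i];
        }

        KeyStore ts = load(clientTrustStore, password);
        System.out.println("Broker will present: "
                + chain[0].getSubjectX500Principal().getName());
        System.out.println("Client trusts:");
        for (String s : trustedSubjects(ts)) {
            System.out.println("  " + s);
        }
        String problem = validate(ts, chain);
        System.out.println(problem == null ? "OK: chain validates" : "FAIL: " + problem);
    }
}
```

Run it once for the broker's key store and once for whichever key store the broker JVM is actually pointed at (javax.net.ssl.keyStore on the broker side). If the subject it prints is not the one the client trusts, the PKIX error in the handshake is explained before any network debugging is needed; the same check can be run in the other direction with the broker's trust store and the client's key store when client certificates are required.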