This is an automated email from the ASF dual-hosted git repository.
brusdev pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/activemq-artemis.git
The following commit(s) were added to refs/heads/main by this push:
new 3598177734 ARTEMIS-4697 Auto reload SSL PEM config sources on change
3598177734 is described below
commit 3598177734bd00eba4e404fc1084534249ddc00e
Author: Domenico Francesco Bruscino <[email protected]>
AuthorDate: Fri Mar 22 08:28:50 2024 +0100
ARTEMIS-4697 Auto reload SSL PEM config sources on change
---
.../activemq/artemis/utils/PemConfigUtil.java | 50 ++++++
.../artemis/core/server/ActiveMQServerLogger.java | 3 +
.../core/server/impl/ActiveMQServerImpl.java | 65 +++++---
artemis-web/pom.xml | 4 +-
.../artemis/component/WebServerComponent.java | 27 +++-
.../activemq/cli/test/WebServerComponentTest.java | 61 ++++++-
pom.xml | 1 +
.../tests/integration/ssl/SSLAutoReloadTest.java | 60 +++++++
.../artemis/tests/integration/ssl/SslPEMTest.java | 2 +-
tests/security-resources/build.sh | 42 +++--
tests/security-resources/client-ca-cert.pem | 38 ++---
tests/security-resources/client-ca-keystore.p12 | Bin 2734 -> 2750 bytes
.../security-resources/client-ca-truststore.jceks | Bin 950 -> 955 bytes
tests/security-resources/client-ca-truststore.jks | Bin 950 -> 955 bytes
tests/security-resources/client-ca-truststore.p12 | Bin 1270 -> 1270 bytes
tests/security-resources/client-ca.pem | 54 +++----
tests/security-resources/client-key-cert.pem | 175 +++++++++++----------
tests/security-resources/client-keystore.jceks | Bin 4124 -> 4166 bytes
tests/security-resources/client-keystore.jks | Bin 4145 -> 4185 bytes
tests/security-resources/client-keystore.p12 | Bin 4904 -> 4952 bytes
tests/security-resources/other-client-crl.pem | 18 +--
.../security-resources/other-client-keystore.jceks | Bin 4136 -> 4183 bytes
tests/security-resources/other-client-keystore.jks | Bin 4156 -> 4203 bytes
tests/security-resources/other-client-keystore.p12 | Bin 4932 -> 4980 bytes
tests/security-resources/other-server-cert.pem | 30 ++++
tests/security-resources/other-server-crl.pem | 18 +--
tests/security-resources/other-server-key.pem | 32 ++++
.../security-resources/other-server-keystore.jceks | Bin 4183 -> 4229 bytes
tests/security-resources/other-server-keystore.jks | Bin 4203 -> 4248 bytes
tests/security-resources/other-server-keystore.p12 | Bin 4980 -> 5028 bytes
.../other-server-keystore.pemcfg | 2 +
.../other-server-truststore.jceks | Bin 1100 -> 1136 bytes
.../security-resources/other-server-truststore.jks | Bin 1100 -> 1136 bytes
.../security-resources/other-server-truststore.p12 | Bin 1414 -> 1446 bytes
tests/security-resources/server-ca-cert.pem | 38 ++---
tests/security-resources/server-ca-keystore.p12 | Bin 2734 -> 2750 bytes
.../security-resources/server-ca-truststore.jceks | Bin 950 -> 955 bytes
tests/security-resources/server-ca-truststore.jks | Bin 950 -> 955 bytes
tests/security-resources/server-ca-truststore.p12 | Bin 1270 -> 1270 bytes
tests/security-resources/server-ca.pem | 54 +++----
tests/security-resources/server-cert.pem | 45 +++---
tests/security-resources/server-key.pem | 54 +++----
tests/security-resources/server-keystore.jceks | Bin 4150 -> 4211 bytes
tests/security-resources/server-keystore.jks | Bin 4169 -> 4230 bytes
tests/security-resources/server-keystore.p12 | Bin 4936 -> 5000 bytes
...pem-props-config.txt => server-keystore.pemcfg} | 0
.../unknown-client-keystore.jceks | Bin 4112 -> 4172 bytes
.../security-resources/unknown-client-keystore.jks | Bin 4132 -> 4192 bytes
.../security-resources/unknown-client-keystore.p12 | Bin 4920 -> 4984 bytes
tests/security-resources/unknown-server-cert.pem | 28 ++++
tests/security-resources/unknown-server-key.pem | 32 ++++
.../unknown-server-keystore.jceks | Bin 4112 -> 4172 bytes
.../security-resources/unknown-server-keystore.jks | Bin 4132 -> 4191 bytes
.../security-resources/unknown-server-keystore.p12 | Bin 4920 -> 4984 bytes
.../unknown-server-keystore.pemcfg | 2 +
55 files changed, 648 insertions(+), 287 deletions(-)
diff --git
a/artemis-commons/src/main/java/org/apache/activemq/artemis/utils/PemConfigUtil.java
b/artemis-commons/src/main/java/org/apache/activemq/artemis/utils/PemConfigUtil.java
new file mode 100644
index 0000000000..0f5b6d145c
--- /dev/null
+++
b/artemis-commons/src/main/java/org/apache/activemq/artemis/utils/PemConfigUtil.java
@@ -0,0 +1,50 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.activemq.artemis.utils;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Properties;
+
+public class PemConfigUtil {
+
+ public static final String PEMCFG_STORE_TYPE = "PEMCFG";
+ public static final String SOURCE_PREFIX = "source.";
+
+ public static boolean isPemConfigStoreType(String storeType) {
+ return PEMCFG_STORE_TYPE.equals(storeType);
+ }
+ public static String[] parseSources(final InputStream stream) throws
IOException {
+ List<String> sources = new ArrayList<>();
+ Properties pemConfigProperties = new Properties();
+
+ pemConfigProperties.load(stream);
+
+ for (final String key : pemConfigProperties.stringPropertyNames()) {
+ if (key.startsWith(SOURCE_PREFIX)) {
+ String source = pemConfigProperties.getProperty(key);
+ if (source != null) {
+ sources.add(source);
+ }
+ }
+ }
+
+ return sources.toArray(new String[sources.size()]);
+ }
+}
\ No newline at end of file
diff --git
a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQServerLogger.java
b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQServerLogger.java
index 2fdad78462..9d97f2d408 100644
---
a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQServerLogger.java
+++
b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/ActiveMQServerLogger.java
@@ -1611,4 +1611,7 @@ public interface ActiveMQServerLogger {
@LogMessage(id = 224136, value = "Skipping correlation ID when converting
message to OpenWire since byte[] value is not valid UTF-8: {}", level =
LogMessage.Level.WARN)
void unableToDecodeCorrelationId(String message);
+
+ @LogMessage(id = 224137, value = "Skipping SSL auto reload for sources of
store {} because of {}", level = LogMessage.Level.WARN)
+ void skipSSLAutoReloadForSourcesOfStore(String storePath, String reason);
}
diff --git
a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ActiveMQServerImpl.java
b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ActiveMQServerImpl.java
index e15e7c7513..0eeb8190ca 100644
---
a/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ActiveMQServerImpl.java
+++
b/artemis-server/src/main/java/org/apache/activemq/artemis/core/server/impl/ActiveMQServerImpl.java
@@ -19,6 +19,7 @@ package org.apache.activemq.artemis.core.server.impl;
import javax.management.MBeanServer;
import java.io.File;
import java.io.IOException;
+import java.io.InputStream;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.lang.invoke.MethodHandles;
@@ -207,6 +208,7 @@ import
org.apache.activemq.artemis.utils.ActiveMQThreadPoolExecutor;
import org.apache.activemq.artemis.utils.CompositeAddress;
import org.apache.activemq.artemis.utils.ConfigurationHelper;
import org.apache.activemq.artemis.utils.ExecutorFactory;
+import org.apache.activemq.artemis.utils.PemConfigUtil;
import org.apache.activemq.artemis.utils.ReusableLatch;
import org.apache.activemq.artemis.utils.SecurityFormatter;
import org.apache.activemq.artemis.utils.ThreadDumpUtil;
@@ -226,8 +228,10 @@ import org.slf4j.LoggerFactory;
import static java.util.stream.Collectors.groupingBy;
import static
org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants.DEFAULT_SSL_AUTO_RELOAD;
import static
org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants.KEYSTORE_PATH_PROP_NAME;
+import static
org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants.KEYSTORE_TYPE_PROP_NAME;
import static
org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants.SSL_AUTO_RELOAD_PROP_NAME;
import static
org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants.TRUSTSTORE_PATH_PROP_NAME;
+import static
org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants.TRUSTSTORE_TYPE_PROP_NAME;
import static
org.apache.activemq.artemis.utils.collections.IterableStream.iterableOf;
/**
@@ -3398,18 +3402,13 @@ public class ActiveMQServerImpl implements
ActiveMQServer {
configuration.getAcceptorConfigurations().forEach((acceptorConfig) ->
{
Map<String, Object> config = acceptorConfig.getCombinedParams();
if
(ConfigurationHelper.getBooleanProperty(SSL_AUTO_RELOAD_PROP_NAME,
DEFAULT_SSL_AUTO_RELOAD, config)) {
- URL pathUrl = fileUrlFrom(config.get(KEYSTORE_PATH_PROP_NAME));
- if (pathUrl != null) {
- reloadManager.addCallback(pathUrl, (uri) -> {
- reloadNamedAcceptor(acceptorConfig.getName());
- });
- }
- pathUrl = fileUrlFrom(config.get(TRUSTSTORE_PATH_PROP_NAME));
- if (pathUrl != null) {
- reloadManager.addCallback(pathUrl, (uri) -> {
- reloadNamedAcceptor(acceptorConfig.getName());
- });
- }
+ addAcceptorStoreReloadCallback(acceptorConfig.getName(),
+ fileUrlFrom(config.get(KEYSTORE_PATH_PROP_NAME)),
+ storeTypeFrom(config.get(KEYSTORE_TYPE_PROP_NAME)));
+
+ addAcceptorStoreReloadCallback(acceptorConfig.getName(),
+ fileUrlFrom(config.get(TRUSTSTORE_PATH_PROP_NAME)),
+ storeTypeFrom(config.get(TRUSTSTORE_TYPE_PROP_NAME)));
}
});
}
@@ -3425,12 +3424,35 @@ public class ActiveMQServerImpl implements
ActiveMQServer {
return true;
}
- private void reloadNamedAcceptor(String name) {
- // preference for Control to capture consistent audit logging
- if (managementService != null) {
- Object targetControl =
managementService.getResource(ResourceNames.ACCEPTOR + name);
- if (targetControl instanceof AcceptorControl) {
- ((AcceptorControl) targetControl).reload();
+ private void addAcceptorStoreReloadCallback(String acceptorName, URL
storeURL, String storeType) {
+ if (storeURL != null) {
+ reloadManager.addCallback(storeURL, (uri) -> {
+ // preference for Control to capture consistent audit logging
+ if (managementService != null) {
+ Object targetControl =
managementService.getResource(ResourceNames.ACCEPTOR + acceptorName);
+ if (targetControl instanceof AcceptorControl) {
+ ((AcceptorControl) targetControl).reload();
+ }
+ }
+ });
+
+ if (PemConfigUtil.isPemConfigStoreType(storeType)) {
+ String[] sources = null;
+
+ try (InputStream pemConfigStream = storeURL.openStream()) {
+ sources = PemConfigUtil.parseSources(pemConfigStream);
+ } catch (IOException e) {
+
ActiveMQServerLogger.LOGGER.skipSSLAutoReloadForSourcesOfStore(storeURL.getPath(),
e.toString());
+ }
+
+ if (sources != null) {
+ for (String source : sources) {
+ URL sourceURL = fileUrlFrom(source);
+ if (sourceURL != null) {
+ addAcceptorStoreReloadCallback(acceptorName, sourceURL,
null);
+ }
+ }
+ }
}
}
}
@@ -3445,6 +3467,13 @@ public class ActiveMQServerImpl implements
ActiveMQServer {
return null;
}
+ private String storeTypeFrom(Object o) {
+ if (o instanceof String) {
+ return (String)o;
+ }
+ return null;
+ }
+
@Override
public void installMirrorController(MirrorController mirrorController) {
logger.debug("Mirror controller is being installed");
diff --git a/artemis-web/pom.xml b/artemis-web/pom.xml
index 00e304377a..8f33100c03 100644
--- a/artemis-web/pom.xml
+++ b/artemis-web/pom.xml
@@ -180,8 +180,10 @@
<include>server-keystore.p12</include>
<include>server-cert.pem</include>
<include>server-key.pem</include>
- <include>server-pem-props-config.txt</include>
+ <include>server-keystore.pemcfg</include>
<include>other-server-keystore.p12</include>
+ <include>other-server-cert.pem</include>
+ <include>other-server-key.pem</include>
</includes>
</resource>
</resources>
diff --git
a/artemis-web/src/main/java/org/apache/activemq/artemis/component/WebServerComponent.java
b/artemis-web/src/main/java/org/apache/activemq/artemis/component/WebServerComponent.java
index a67096a5ee..2093cc3487 100644
---
a/artemis-web/src/main/java/org/apache/activemq/artemis/component/WebServerComponent.java
+++
b/artemis-web/src/main/java/org/apache/activemq/artemis/component/WebServerComponent.java
@@ -18,6 +18,9 @@ package org.apache.activemq.artemis.component;
import javax.servlet.DispatcherType;
import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
import java.lang.invoke.MethodHandles;
import java.net.URI;
import java.nio.file.Files;
@@ -38,6 +41,7 @@ import org.apache.activemq.artemis.dto.BindingDTO;
import org.apache.activemq.artemis.dto.ComponentDTO;
import org.apache.activemq.artemis.dto.WebServerDTO;
import org.apache.activemq.artemis.marker.WebServerComponentMarker;
+import org.apache.activemq.artemis.utils.PemConfigUtil;
import org.eclipse.jetty.security.DefaultAuthenticatorFactory;
import org.eclipse.jetty.server.ConnectionFactory;
import org.eclipse.jetty.server.CustomRequestLog;
@@ -278,8 +282,8 @@ public class WebServerComponent implements
ExternalComponent, WebServerComponent
}
}
if (Boolean.TRUE.equals(binding.getSslAutoReload())) {
- addStoreResourceScannerTask(binding.getKeyStorePath(), sslFactory);
- addStoreResourceScannerTask(binding.getTrustStorePath(),
sslFactory);
+ addStoreResourceScannerTask(binding.getKeyStorePath(),
binding.getKeyStoreType(), sslFactory);
+ addStoreResourceScannerTask(binding.getTrustStorePath(),
binding.getTrustStoreType(), sslFactory);
}
SslConnectionFactory sslConnectionFactory = new
SslConnectionFactory(sslFactory, "HTTP/1.1");
@@ -359,7 +363,7 @@ public class WebServerComponent implements
ExternalComponent, WebServerComponent
getScanner().addDirectory(parentFile.toPath());
}
- private void addStoreResourceScannerTask(String storeFilename,
SslContextFactory.Server sslFactory) {
+ private void addStoreResourceScannerTask(String storeFilename, String
storeType, SslContextFactory.Server sslFactory) {
if (storeFilename != null) {
File storeFile = getStoreFile(storeFilename);
addScannerTask(storeFile, () -> {
@@ -369,6 +373,23 @@ public class WebServerComponent implements
ExternalComponent, WebServerComponent
logger.warn("Failed to reload the ssl factory related to {}",
storeFile, e);
}
});
+
+ if (PemConfigUtil.isPemConfigStoreType(storeType)) {
+ String[] sources;
+
+ try (InputStream pemConfigStream = new FileInputStream(storeFile))
{
+ sources = PemConfigUtil.parseSources(pemConfigStream);
+ } catch (IOException e) {
+ throw new IllegalArgumentException("Invalid PEM Config file: "
+ e);
+ }
+
+ if (sources != null) {
+ for (String source : sources) {
+ addStoreResourceScannerTask(source, null, sslFactory);
+ }
+ }
+ }
+
}
}
diff --git
a/artemis-web/src/test/java/org/apache/activemq/cli/test/WebServerComponentTest.java
b/artemis-web/src/test/java/org/apache/activemq/cli/test/WebServerComponentTest.java
index 46f05335f8..9a8ce4c6dd 100644
---
a/artemis-web/src/test/java/org/apache/activemq/cli/test/WebServerComponentTest.java
+++
b/artemis-web/src/test/java/org/apache/activemq/cli/test/WebServerComponentTest.java
@@ -79,6 +79,7 @@ import org.apache.activemq.artemis.dto.AppDTO;
import org.apache.activemq.artemis.dto.BindingDTO;
import org.apache.activemq.artemis.dto.BrokerDTO;
import org.apache.activemq.artemis.dto.WebServerDTO;
+import org.apache.activemq.artemis.utils.PemConfigUtil;
import org.apache.activemq.artemis.utils.ThreadLeakCheckRule;
import org.apache.activemq.artemis.utils.Wait;
import org.apache.http.HttpException;
@@ -119,7 +120,7 @@ public class WebServerComponentTest extends Assert {
static final String KEY_STORE_PATH =
WebServerComponentTest.class.getClassLoader().getResource("server-keystore.p12").getFile();
- static final String PEM_KEY_STORE_PATH =
WebServerComponentTest.class.getClassLoader().getResource("server-pem-props-config.txt").getFile();
+ static final String PEM_KEY_STORE_PATH =
WebServerComponentTest.class.getClassLoader().getResource("server-keystore.pemcfg").getFile();
static final String KEY_STORE_PASSWORD = "securepass";
@@ -473,6 +474,64 @@ public class WebServerComponentTest extends Assert {
}
}
+ @Test
+ public void testSSLAutoReloadPemConfigSources() throws Exception {
+ File serverKeyFile = tempFolder.newFile();
+ File serverCertFile = tempFolder.newFile();
+ File serverPemConfigFile = tempFolder.newFile();
+
+
Files.copy(WebServerComponentTest.class.getClassLoader().getResourceAsStream("server-key.pem"),
+ serverKeyFile.toPath(), StandardCopyOption.REPLACE_EXISTING);
+
+
Files.copy(WebServerComponentTest.class.getClassLoader().getResourceAsStream("server-cert.pem"),
+ serverCertFile.toPath(), StandardCopyOption.REPLACE_EXISTING);
+
+ Files.write(serverPemConfigFile.toPath(), Arrays.asList(new String[]{
+ "source.key=" + serverKeyFile.getAbsolutePath(),
+ "source.cert=" + serverCertFile.getAbsolutePath()
+ }));
+
+ BindingDTO bindingDTO = new BindingDTO();
+ bindingDTO.setSslAutoReload(true);
+ bindingDTO.setKeyStorePath(serverPemConfigFile.getAbsolutePath());
+ bindingDTO.setKeyStoreType(PemConfigUtil.PEMCFG_STORE_TYPE);
+
+ WebServerComponent webServerComponent =
startSimpleSecureServer(bindingDTO);
+
+ try {
+ int port = webServerComponent.getPort(0);
+ AtomicReference<SSLSession> sslSessionReference = new
AtomicReference<>();
+ HostnameVerifier hostnameVerifier = (s, sslSession) -> {
+ sslSessionReference.set(sslSession);
+ return true;
+ };
+
+ // check server certificate contains ActiveMQ Artemis Server
+ Assert.assertTrue(testSimpleSecureServer("localhost", port,
"localhost", null, hostnameVerifier) == 200 &&
+
sslSessionReference.get().getPeerCertificates()[0].toString().contains("DNSName:
server.artemis.activemq"));
+
+ // check server certificate doesn't contain ActiveMQ Artemis Server
+ Assert.assertFalse(testSimpleSecureServer("localhost", port,
"localhost", null, hostnameVerifier) == 200 &&
+
sslSessionReference.get().getPeerCertificates()[0].toString().contains("DNSName:
other-server.artemis.activemq"));
+
+ // update server PEM config sources
+
Files.copy(WebServerComponentTest.class.getClassLoader().getResourceAsStream("other-server-key.pem"),
+ serverKeyFile.toPath(), StandardCopyOption.REPLACE_EXISTING);
+
+
Files.copy(WebServerComponentTest.class.getClassLoader().getResourceAsStream("other-server-cert.pem"),
+ serverCertFile.toPath(), StandardCopyOption.REPLACE_EXISTING);
+
+ // check server certificate contains ActiveMQ Artemis Other Server
+ Wait.assertTrue(() -> testSimpleSecureServer("localhost", port,
"localhost", null, hostnameVerifier) == 200 &&
+
sslSessionReference.get().getPeerCertificates()[0].toString().contains("DNSName:
other-server.artemis.activemq"));
+
+ // check server certificate doesn't contain ActiveMQ Artemis Server
+ Assert.assertFalse(testSimpleSecureServer("localhost", port,
"localhost", null, hostnameVerifier) == 200 &&
+
sslSessionReference.get().getPeerCertificates()[0].toString().contains("DNSName:
server.artemis.activemq"));
+ } finally {
+ webServerComponent.stop(true);
+ }
+ }
private int testSimpleSecureServer(String webServerHostname, int
webServerPort, String requestHostname, String sniHostname) throws Exception {
return testSimpleSecureServer(webServerHostname, webServerPort,
requestHostname, sniHostname, null);
diff --git a/pom.xml b/pom.xml
index 976ae4535a..bbecdb11b5 100644
--- a/pom.xml
+++ b/pom.xml
@@ -973,6 +973,7 @@
<exclude>**/*.jks</exclude>
<exclude>**/*.p12</exclude>
<exclude>**/xml.xsd</exclude>
+ <exclude>**/*.pemcfg</exclude>
<exclude>**/org/apache/activemq/artemis/utils/json/**</exclude>
<exclude>**/org/apache/activemq/artemis/utils/Base64.java</exclude>
<exclude>**/.settings/**</exclude>
diff --git
a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/SSLAutoReloadTest.java
b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/SSLAutoReloadTest.java
index 79e919cfa7..4e453987d7 100644
---
a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/SSLAutoReloadTest.java
+++
b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/SSLAutoReloadTest.java
@@ -17,6 +17,9 @@
package org.apache.activemq.artemis.tests.integration.ssl;
import java.io.File;
+import java.nio.file.Files;
+import java.nio.file.StandardCopyOption;
+import java.util.Arrays;
import java.util.HashMap;
import java.util.Map;
@@ -27,6 +30,7 @@ import
org.apache.activemq.artemis.core.config.impl.ConfigurationImpl;
import org.apache.activemq.artemis.core.remoting.impl.netty.TransportConstants;
import org.apache.activemq.artemis.core.server.ActiveMQServer;
import org.apache.activemq.artemis.tests.util.ActiveMQTestBase;
+import org.apache.activemq.artemis.utils.PemConfigUtil;
import org.apache.activemq.artemis.utils.Wait;
import org.junit.Test;
@@ -82,4 +86,60 @@ public class SSLAutoReloadTest extends ActiveMQTestBase {
return false;
}, 5000, 100);
}
+
+ @Test
+ public void testOneWaySSLWithAutoReloadPemConfigSources() throws Exception {
+ File serverKeyFile = temporaryFolder.newFile();
+ File serverCertFile = temporaryFolder.newFile();
+ File serverPemConfigFile = temporaryFolder.newFile();
+
+
Files.copy(this.getClass().getClassLoader().getResourceAsStream("unknown-server-key.pem"),
+ serverKeyFile.toPath(), StandardCopyOption.REPLACE_EXISTING);
+
+
Files.copy(this.getClass().getClassLoader().getResourceAsStream("unknown-server-cert.pem"),
+ serverCertFile.toPath(), StandardCopyOption.REPLACE_EXISTING);
+
+ Files.write(serverPemConfigFile.toPath(), Arrays.asList(new String[]{
+ "source.key=" + serverKeyFile.getAbsolutePath(),
+ "source.cert=" + serverCertFile.getAbsolutePath()
+ }));
+
+ Map<String, Object> params = new HashMap<>();
+ params.put(TransportConstants.SSL_AUTO_RELOAD_PROP_NAME, true);
+ params.put(TransportConstants.SSL_ENABLED_PROP_NAME, true);
+ params.put(TransportConstants.KEYSTORE_PATH_PROP_NAME,
serverPemConfigFile.getAbsolutePath());
+ params.put(TransportConstants.KEYSTORE_TYPE_PROP_NAME,
PemConfigUtil.PEMCFG_STORE_TYPE);
+
+ ConfigurationImpl config =
createBasicConfig().addAcceptorConfiguration(new
TransportConfiguration(NETTY_ACCEPTOR_FACTORY, params, "nettySSL"));
+ ActiveMQServer server = createServer(false, config);
+ server.getConfiguration().setConfigurationFileRefreshPeriod(50);
+ server.start();
+ waitForServerToStart(server);
+
+ String url =
"tcp://127.0.0.1:61616?sslEnabled=true;trustStorePath=server-ca-truststore.p12;trustStorePassword="
+ PASSWORD;
+ ServerLocator locator =
addServerLocator(ActiveMQClient.createServerLocator(url)).setCallTimeout(3000);
+
+ try {
+ createSessionFactory(locator);
+ fail("Creating session here should fail due to SSL handshake
problems.");
+ } catch (Exception ignored) {
+ }
+
+ // update server PEM config sources
+
Files.copy(this.getClass().getClassLoader().getResourceAsStream("server-key.pem"),
+ serverKeyFile.toPath(), StandardCopyOption.REPLACE_EXISTING);
+
+
Files.copy(this.getClass().getClassLoader().getResourceAsStream("server-cert.pem"),
+ serverCertFile.toPath(), StandardCopyOption.REPLACE_EXISTING);
+
+ // expect success after auto reload, which we wait for
+ Wait.waitFor(() -> {
+ try {
+ addSessionFactory(createSessionFactory(locator));
+ return true;
+ } catch (Throwable ignored) {
+ }
+ return false;
+ }, 5000, 100);
+ }
}
diff --git
a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/SslPEMTest.java
b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/SslPEMTest.java
index 642279df5d..7f9d025bb8 100644
---
a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/SslPEMTest.java
+++
b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/SslPEMTest.java
@@ -122,7 +122,7 @@ public class SslPEMTest extends ActiveMQTestBase {
Map<String, Object> params = new HashMap<>();
params.put(TransportConstants.SSL_ENABLED_PROP_NAME, true);
params.put(TransportConstants.KEYSTORE_TYPE_PROP_NAME, "PEMCFG");
- params.put(TransportConstants.KEYSTORE_PATH_PROP_NAME,
"server-pem-props-config.txt");
+ params.put(TransportConstants.KEYSTORE_PATH_PROP_NAME,
"server-keystore.pemcfg");
params.put(TransportConstants.TRUSTSTORE_TYPE_PROP_NAME, "PEM");
params.put(TransportConstants.TRUSTSTORE_PATH_PROP_NAME,
"client-ca-cert.pem");
params.put(TransportConstants.NEED_CLIENT_AUTH_PROP_NAME, true);
diff --git a/tests/security-resources/build.sh
b/tests/security-resources/build.sh
index e65237bb02..6ba2652996 100755
--- a/tests/security-resources/build.sh
+++ b/tests/security-resources/build.sh
@@ -24,12 +24,12 @@ KEY_PASS=securepass
STORE_PASS=securepass
CA_VALIDITY=365000
VALIDITY=36500
-CLIENT_NAMES="san=dns:localhost,ip:127.0.0.1"
-SERVER_NAMES="san=dns:localhost,dns:localhost.localdomain,dns:artemis.localtest.me,ip:127.0.0.1"
+LOCAL_CLIENT_NAMES="dns:localhost,ip:127.0.0.1"
+LOCAL_SERVER_NAMES="dns:localhost,dns:localhost.localdomain,dns:artemis.localtest.me,ip:127.0.0.1"
# Clean up existing files
# -----------------------
-rm -f *.crt *.csr openssl-* *.jceks *.jks *.p12 *.pem
+rm -f *.crt *.csr openssl-* *.jceks *.jks *.p12 *.pem *.pemcfg
# Create a key and self-signed certificate for the CA, to sign server
certificate requests and use for trust:
#
----------------------------------------------------------------------------------------------------
@@ -45,10 +45,10 @@ keytool -importkeystore -srckeystore
server-ca-truststore.p12 -destkeystore serv
# Create a key pair for the server, and sign it with the CA:
# ----------------------------------------------------------
-keytool -storetype pkcs12 -keystore server-keystore.p12 -storepass $STORE_PASS
-keypass $KEY_PASS -alias server -genkey -keyalg "RSA" -keysize 2048 -dname
"CN=ActiveMQ Artemis Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ"
-validity $VALIDITY -ext bc=ca:false -ext eku=sA -ext $SERVER_NAMES
+keytool -storetype pkcs12 -keystore server-keystore.p12 -storepass $STORE_PASS
-keypass $KEY_PASS -alias server -genkey -keyalg "RSA" -keysize 2048 -dname
"CN=ActiveMQ Artemis Server, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ"
-validity $VALIDITY -ext bc=ca:false -ext eku=sA -ext
"san=dns:server.artemis.activemq,$LOCAL_SERVER_NAMES"
keytool -storetype pkcs12 -keystore server-keystore.p12 -storepass $STORE_PASS
-alias server -certreq -file server.csr
-keytool -storetype pkcs12 -keystore server-ca-keystore.p12 -storepass
$STORE_PASS -alias server-ca -gencert -rfc -infile server.csr -outfile
server.crt -validity $VALIDITY -ext bc=ca:false -ext $SERVER_NAMES
+keytool -storetype pkcs12 -keystore server-ca-keystore.p12 -storepass
$STORE_PASS -alias server-ca -gencert -rfc -infile server.csr -outfile
server.crt -validity $VALIDITY -ext bc=ca:false -ext eku=sA -ext
"san=dns:server.artemis.activemq,$LOCAL_SERVER_NAMES"
keytool -storetype pkcs12 -keystore server-keystore.p12 -storepass $STORE_PASS
-keypass $KEY_PASS -importcert -alias server-ca -file server-ca.crt -noprompt
keytool -storetype pkcs12 -keystore server-keystore.p12 -storepass $STORE_PASS
-keypass $KEY_PASS -importcert -alias server -file server.crt
@@ -58,10 +58,10 @@ keytool -importkeystore -srckeystore server-keystore.p12
-destkeystore server-ke
# Create a key pair for the other server, and sign it with the CA:
# ----------------------------------------------------------
-keytool -storetype pkcs12 -keystore other-server-keystore.p12 -storepass
$STORE_PASS -keypass $KEY_PASS -alias other-server -genkey -keyalg "RSA"
-keysize 2048 -dname "CN=ActiveMQ Artemis Other Server, OU=Artemis, O=ActiveMQ,
L=AMQ, S=AMQ, C=AMQ" -validity $VALIDITY -ext bc=ca:false -ext $SERVER_NAMES
+keytool -storetype pkcs12 -keystore other-server-keystore.p12 -storepass
$STORE_PASS -keypass $KEY_PASS -alias other-server -genkey -keyalg "RSA"
-keysize 2048 -dname "CN=ActiveMQ Artemis Other Server, OU=Artemis, O=ActiveMQ,
L=AMQ, S=AMQ, C=AMQ" -validity $VALIDITY -ext bc=ca:false -ext eku=sA -ext
"san=dns:other-server.artemis.activemq,$LOCAL_SERVER_NAMES"
keytool -storetype pkcs12 -keystore other-server-keystore.p12 -storepass
$STORE_PASS -alias other-server -certreq -file other-server.csr
-keytool -storetype pkcs12 -keystore server-ca-keystore.p12 -storepass
$STORE_PASS -alias server-ca -gencert -rfc -infile other-server.csr -outfile
other-server.crt -validity $VALIDITY -ext bc=ca:false -ext eku=sA -ext
$SERVER_NAMES
+keytool -storetype pkcs12 -keystore server-ca-keystore.p12 -storepass
$STORE_PASS -alias server-ca -gencert -rfc -infile other-server.csr -outfile
other-server.crt -validity $VALIDITY -ext bc=ca:false -ext eku=sA -ext
"san=dns:other-server.artemis.activemq,$LOCAL_SERVER_NAMES"
keytool -storetype pkcs12 -keystore other-server-keystore.p12 -storepass
$STORE_PASS -keypass $KEY_PASS -importcert -alias server-ca -file server-ca.crt
-noprompt
keytool -storetype pkcs12 -keystore other-server-keystore.p12 -storepass
$STORE_PASS -keypass $KEY_PASS -importcert -alias other-server -file
other-server.crt
@@ -84,10 +84,10 @@ openssl ca -config openssl.conf -gencrl -keyfile
server-ca.pem -cert server-ca.c
# Create a key pair for the broker with an unexpected hostname, and sign it
with the CA:
#
--------------------------------------------------------------------------------------
-keytool -storetype pkcs12 -keystore unknown-server-keystore.p12 -storepass
$STORE_PASS -keypass $KEY_PASS -alias unknown-server -genkey -keyalg "RSA"
-keysize 2048 -dname "CN=ActiveMQ Artemis Unknown Server, OU=Artemis,
O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -validity $VALIDITY -ext bc=ca:false -ext
eku=sA
+keytool -storetype pkcs12 -keystore unknown-server-keystore.p12 -storepass
$STORE_PASS -keypass $KEY_PASS -alias unknown-server -genkey -keyalg "RSA"
-keysize 2048 -dname "CN=ActiveMQ Artemis Unknown Server, OU=Artemis,
O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -validity $VALIDITY -ext bc=ca:false -ext
eku=sA -ext "san=dns:unknown-server.artemis.activemq"
keytool -storetype pkcs12 -keystore unknown-server-keystore.p12 -storepass
$STORE_PASS -alias unknown-server -certreq -file unknown-server.csr
-keytool -storetype pkcs12 -keystore server-ca-keystore.p12 -storepass
$STORE_PASS -alias server-ca -gencert -rfc -infile unknown-server.csr -outfile
unknown-server.crt -validity $VALIDITY -ext bc=ca:false -ext eku=sA
+keytool -storetype pkcs12 -keystore server-ca-keystore.p12 -storepass
$STORE_PASS -alias server-ca -gencert -rfc -infile unknown-server.csr -outfile
unknown-server.crt -validity $VALIDITY -ext bc=ca:false -ext eku=sA -ext
"san=dns:unknown-server.artemis.activemq"
keytool -storetype pkcs12 -keystore unknown-server-keystore.p12 -storepass
$STORE_PASS -keypass $KEY_PASS -importcert -alias server-ca -file server-ca.crt
-noprompt
keytool -storetype pkcs12 -keystore unknown-server-keystore.p12 -storepass
$STORE_PASS -keypass $KEY_PASS -importcert -alias unknown-server -file
unknown-server.crt
@@ -109,10 +109,10 @@ keytool -importkeystore -srckeystore
client-ca-truststore.p12 -destkeystore clie
# Create a key pair for the client, and sign it with the CA:
# ----------------------------------------------------------
-keytool -storetype pkcs12 -keystore client-keystore.p12 -storepass $STORE_PASS
-keypass $KEY_PASS -alias client -genkey -keyalg "RSA" -keysize 2048 -dname
"CN=ActiveMQ Artemis Client, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ"
-validity $VALIDITY -ext bc=ca:false -ext eku=cA -ext $CLIENT_NAMES
+keytool -storetype pkcs12 -keystore client-keystore.p12 -storepass $STORE_PASS
-keypass $KEY_PASS -alias client -genkey -keyalg "RSA" -keysize 2048 -dname
"CN=ActiveMQ Artemis Client, OU=Artemis, O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ"
-validity $VALIDITY -ext bc=ca:false -ext eku=cA -ext
"san=dns:client.artemis.activemq,$LOCAL_CLIENT_NAMES"
keytool -storetype pkcs12 -keystore client-keystore.p12 -storepass $STORE_PASS
-alias client -certreq -file client.csr
-keytool -storetype pkcs12 -keystore client-ca-keystore.p12 -storepass
$STORE_PASS -alias client-ca -gencert -rfc -infile client.csr -outfile
client.crt -validity $VALIDITY -ext bc=ca:false -ext eku=cA -ext $CLIENT_NAMES
+keytool -storetype pkcs12 -keystore client-ca-keystore.p12 -storepass
$STORE_PASS -alias client-ca -gencert -rfc -infile client.csr -outfile
client.crt -validity $VALIDITY -ext bc=ca:false -ext eku=cA -ext
"san=dns:client.artemis.activemq,$LOCAL_CLIENT_NAMES"
keytool -storetype pkcs12 -keystore client-keystore.p12 -storepass $STORE_PASS
-keypass $KEY_PASS -importcert -alias client-ca -file client-ca.crt -noprompt
keytool -storetype pkcs12 -keystore client-keystore.p12 -storepass $STORE_PASS
-keypass $KEY_PASS -importcert -alias client -file client.crt
@@ -122,10 +122,10 @@ keytool -importkeystore -srckeystore client-keystore.p12
-destkeystore client-ke
# Create a key pair for the other client, and sign it with the CA:
# ----------------------------------------------------------
-keytool -storetype pkcs12 -keystore other-client-keystore.p12 -storepass
$STORE_PASS -keypass $KEY_PASS -alias other-client -genkey -keyalg "RSA"
-keysize 2048 -dname "CN=ActiveMQ Artemis Other Client, OU=Artemis, O=ActiveMQ,
L=AMQ, S=AMQ, C=AMQ" -validity $VALIDITY -ext bc=ca:false -ext eku=cA -ext
$CLIENT_NAMES
+keytool -storetype pkcs12 -keystore other-client-keystore.p12 -storepass
$STORE_PASS -keypass $KEY_PASS -alias other-client -genkey -keyalg "RSA"
-keysize 2048 -dname "CN=ActiveMQ Artemis Other Client, OU=Artemis, O=ActiveMQ,
L=AMQ, S=AMQ, C=AMQ" -validity $VALIDITY -ext bc=ca:false -ext eku=cA -ext
"san=dns:other-client.artemis.activemq,$LOCAL_CLIENT_NAMES"
keytool -storetype pkcs12 -keystore other-client-keystore.p12 -storepass
$STORE_PASS -alias other-client -certreq -file other-client.csr
-keytool -storetype pkcs12 -keystore client-ca-keystore.p12 -storepass
$STORE_PASS -alias client-ca -gencert -rfc -infile other-client.csr -outfile
other-client.crt -validity $VALIDITY -ext bc=ca:false -ext eku=cA -ext
$CLIENT_NAMES
+keytool -storetype pkcs12 -keystore client-ca-keystore.p12 -storepass
$STORE_PASS -alias client-ca -gencert -rfc -infile other-client.csr -outfile
other-client.crt -validity $VALIDITY -ext bc=ca:false -ext eku=cA -ext
"san=dns:other-client.artemis.activemq,$LOCAL_CLIENT_NAMES"
keytool -storetype pkcs12 -keystore other-client-keystore.p12 -storepass
$STORE_PASS -keypass $KEY_PASS -importcert -alias client-ca -file client-ca.crt
-noprompt
keytool -storetype pkcs12 -keystore other-client-keystore.p12 -storepass
$STORE_PASS -keypass $KEY_PASS -importcert -alias other-client -file
other-client.crt
@@ -142,10 +142,10 @@ openssl ca -config openssl.conf -gencrl -keyfile
client-ca.pem -cert client-ca.c
# Create a key pair for the client with an unexpected hostname, and sign it
with the CA:
# ----------------------------------------------------------
-keytool -storetype pkcs12 -keystore unknown-client-keystore.p12 -storepass
$STORE_PASS -keypass $KEY_PASS -alias unknown-client -genkey -keyalg "RSA"
-keysize 2048 -dname "CN=ActiveMQ Artemis Unknown Client, OU=Artemis,
O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -validity $VALIDITY -ext bc=ca:false -ext
eku=cA
+keytool -storetype pkcs12 -keystore unknown-client-keystore.p12 -storepass
$STORE_PASS -keypass $KEY_PASS -alias unknown-client -genkey -keyalg "RSA"
-keysize 2048 -dname "CN=ActiveMQ Artemis Unknown Client, OU=Artemis,
O=ActiveMQ, L=AMQ, S=AMQ, C=AMQ" -validity $VALIDITY -ext bc=ca:false -ext
eku=cA -ext "san=dns:unknown-client.artemis.activemq"
keytool -storetype pkcs12 -keystore unknown-client-keystore.p12 -storepass
$STORE_PASS -alias unknown-client -certreq -file unknown-client.csr
-keytool -storetype pkcs12 -keystore client-ca-keystore.p12 -storepass
$STORE_PASS -alias client-ca -gencert -rfc -infile unknown-client.csr -outfile
unknown-client.crt -validity $VALIDITY -ext bc=ca:false -ext eku=cA
+keytool -storetype pkcs12 -keystore client-ca-keystore.p12 -storepass
$STORE_PASS -alias client-ca -gencert -rfc -infile unknown-client.csr -outfile
unknown-client.crt -validity $VALIDITY -ext bc=ca:false -ext eku=cA -ext
"san=dns:unknown-client.artemis.activemq"
keytool -storetype pkcs12 -keystore unknown-client-keystore.p12 -storepass
$STORE_PASS -keypass $KEY_PASS -importcert -alias client-ca -file client-ca.crt
-noprompt
keytool -storetype pkcs12 -keystore unknown-client-keystore.p12 -storepass
$STORE_PASS -keypass $KEY_PASS -importcert -alias unknown-client -file
unknown-client.crt
@@ -157,10 +157,18 @@ keytool -importkeystore -srckeystore
unknown-client-keystore.p12 -destkeystore u
## separate private and public cred pem files combined for the keystore via
prop
openssl pkcs12 -in server-keystore.p12 -out server-cert.pem -clcerts -nokeys
-password pass:$STORE_PASS
openssl pkcs12 -in server-keystore.p12 -out server-key.pem -nocerts -nodes
-password pass:$STORE_PASS
+openssl pkcs12 -in other-server-keystore.p12 -out other-server-cert.pem
-clcerts -nokeys -password pass:$STORE_PASS
+openssl pkcs12 -in other-server-keystore.p12 -out other-server-key.pem
-nocerts -nodes -password pass:$STORE_PASS
+openssl pkcs12 -in unknown-server-keystore.p12 -out unknown-server-cert.pem
-clcerts -nokeys -password pass:$STORE_PASS
+openssl pkcs12 -in unknown-server-keystore.p12 -out unknown-server-key.pem
-nocerts -nodes -password pass:$STORE_PASS
## PEMCFG properties format
-echo source.key=classpath:server-key.pem > server-pem-props-config.txt
-echo source.cert=classpath:server-cert.pem >> server-pem-props-config.txt
+echo source.key=classpath:server-key.pem > server-keystore.pemcfg
+echo source.cert=classpath:server-cert.pem >> server-keystore.pemcfg
+echo source.key=classpath:other-server-key.pem > other-server-keystore.pemcfg
+echo source.cert=classpath:other-server-cert.pem >>
other-server-keystore.pemcfg
+echo source.key=classpath:unknown-server-key.pem >
unknown-server-keystore.pemcfg
+echo source.cert=classpath:unknown-server-cert.pem >>
unknown-server-keystore.pemcfg
## combined pem file for client
openssl pkcs12 -in client-keystore.p12 -out client-key-cert.pem -nodes
-password pass:$STORE_PASS
diff --git a/tests/security-resources/client-ca-cert.pem
b/tests/security-resources/client-ca-cert.pem
index cba2d51049..4815798aa9 100644
--- a/tests/security-resources/client-ca-cert.pem
+++ b/tests/security-resources/client-ca-cert.pem
@@ -1,21 +1,21 @@
-----BEGIN CERTIFICATE-----
-MIIDcDCCAligAwIBAgIEJbym6DANBgkqhkiG9w0BAQsFADBfMREwDwYDVQQKEwhB
-Y3RpdmVNUTEQMA4GA1UECxMHQXJ0ZW1pczE4MDYGA1UEAxMvQWN0aXZlTVEgQXJ0
-ZW1pcyBDbGllbnQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMjMxMjA3MTY0
-ODUyWhgPMzAyMzA0MDkxNjQ4NTJaMF8xETAPBgNVBAoTCEFjdGl2ZU1RMRAwDgYD
-VQQLEwdBcnRlbWlzMTgwNgYDVQQDEy9BY3RpdmVNUSBBcnRlbWlzIENsaWVudCBD
-ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
-AQoCggEBAIaj9LoncxRCfTayohTMSqWCutkAXE8rTDKbpmrTt3RMkmqJw2sO3tn0
-CZkcfkf+1eXsJHRoH9uhUZI7Cc+vGFCfWF9RTi4aCjYFtTXmb0FAsOl1TTRjDgWb
-eyUYI25KpVBz57JD3GlFlFo0tLQkc/C1QWU3dlpU5INh5vo/1Si4hrVSX8/Hun8q
-daZg4bjfUGnNa0H5nPfkCaZjAamAKp6L50e0cLS4PQCPhVMdH6uU2CEJDxNURN3i
-tD6z3YJReFpxNM3HmDwLgUxQcvByQ60Qc90aUihKqXKj8rlFJn76d/kkH3xj2n5t
-msY4/GNxh+P0W8whH4C7uglo/vSaDbMCAwEAAaMyMDAwHQYDVR0OBBYEFKUM1JFb
-FBp0jlZ9Cb6UbaPQAOr7MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQAD
-ggEBAFmb6rDuirRpEpO/+jXRqq3A4gqMW4Qbjqb61pIQyNim+0Z+RDwQn4nfnZxY
-CaAlRiwg7Ihr85brwHcAC2YG/ir3AEcY70r15xIFCiRkDo47r8cXhTAiQfVBjd1j
-m1Bo1w1Sae/Vhe/Jryuqz7C+lXads6xWr9x+RoKb9IDgRhz6aVUBQfkyuusm3D+c
-RN7i3IRD2ypf1dEAH51+n+U3gEtWbztA2R1MFCGq/pWfEbMaI7fkBu77h6e/Okwq
-dNAbXMYlKvv/BgkmzPvHWtepa/1vWZmyC1t0Oo3jNBrUMPCrkQwHbSMl9vMQwICJ
-LnIXqz1dSY/M11jjOVS8ZoZ0gdE=
+MIIDdTCCAl2gAwIBAgIJAJkUaBwB0GpUMA0GCSqGSIb3DQEBCwUAMF8xETAPBgNV
+BAoTCEFjdGl2ZU1RMRAwDgYDVQQLEwdBcnRlbWlzMTgwNgYDVQQDEy9BY3RpdmVN
+USBBcnRlbWlzIENsaWVudCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0yNDAz
+MjIxMTUxMjlaGA8zMDIzMDcyNDExNTEyOVowXzERMA8GA1UEChMIQWN0aXZlTVEx
+EDAOBgNVBAsTB0FydGVtaXMxODA2BgNVBAMTL0FjdGl2ZU1RIEFydGVtaXMgQ2xp
+ZW50IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAl8cFCGopD43ChXIcmEBNREmaFGwY3nlRkvmyhX7X0p+7sMVF
+b1oxEkLl0Bv9vluc7faQPC51ikPFE7cFdWvsTAxkDsMC/3lnAveVcaJi+9x+ndNl
+sTL3WIZXQ/JBq9WgZb4Xrl1Bwq+xAf58o/pgc8sY6mgXIJgte5HVLZB1N+pqG1Ce
+O4siVvVeew74Md5gh3gzwIkq6svEoRR6mvx+ima4y942bqdO/rXzBKkVKPM3Wozg
+Oj+5y7oM9oeg8B0x8vH/nO2HZAM5lBhK5o0ZDpDrOa6Q445gZqjcn13fEaNAhTo+
+Ak5x7ZMZkuipZPjIEg/9FwcC0qM2nJhy8lBLSwIDAQABozIwMDAdBgNVHQ4EFgQU
+mQHkKAJROOr1cSjoSuMcvR0s0OswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B
+AQsFAAOCAQEAdraRmTJvQ4lE+3pg4oz8IZbPhoXQRi/9xMOuDMgaBngxcIy/orT0
+0+rMQDw/UpPvGYzHzxG7F9Euw2HvxF/fGTLrHXLDlPlGmORwWvGR3nRPxCG8wi2b
+Zc7d9WUZ5zfIZ346ht/1QuyHHCLU9gaJP1irJA1fJ3ZJdnIDcjG17keM51vF8Jtl
+J08WzHQ6BKJy4auR041BxF+wHZBSVF5n5D2DLC+VcBL7MgVXaddyWGkr3UU8U67T
+V/o6VEnGTKwZ/a/RAHB8Aex2/GFfEivsaBYe8gbhbzFjCWkoKg0jkjqKDw9Dwk3n
+7Lo5GrWoHASyFYB/FM6rjDBW0bT97MVJog==
-----END CERTIFICATE-----
diff --git a/tests/security-resources/client-ca-keystore.p12
b/tests/security-resources/client-ca-keystore.p12
index d04fbb172c..e9588060ed 100644
Binary files a/tests/security-resources/client-ca-keystore.p12 and
b/tests/security-resources/client-ca-keystore.p12 differ
diff --git a/tests/security-resources/client-ca-truststore.jceks
b/tests/security-resources/client-ca-truststore.jceks
index f5c9a67ca5..f6fda07a31 100644
Binary files a/tests/security-resources/client-ca-truststore.jceks and
b/tests/security-resources/client-ca-truststore.jceks differ
diff --git a/tests/security-resources/client-ca-truststore.jks
b/tests/security-resources/client-ca-truststore.jks
index 1fa96e3bda..feb1f29e51 100644
Binary files a/tests/security-resources/client-ca-truststore.jks and
b/tests/security-resources/client-ca-truststore.jks differ
diff --git a/tests/security-resources/client-ca-truststore.p12
b/tests/security-resources/client-ca-truststore.p12
index a04081dd0b..30bd31c173 100644
Binary files a/tests/security-resources/client-ca-truststore.p12 and
b/tests/security-resources/client-ca-truststore.p12 differ
diff --git a/tests/security-resources/client-ca.pem
b/tests/security-resources/client-ca.pem
index 7bf5cd2bef..0d23aba857 100644
--- a/tests/security-resources/client-ca.pem
+++ b/tests/security-resources/client-ca.pem
@@ -1,32 +1,32 @@
Bag Attributes
friendlyName: client-ca
- localKeyID: 54 69 6D 65 20 31 37 30 31 39 36 37 37 33 32 36 35 35
+ localKeyID: 54 69 6D 65 20 31 37 31 31 31 30 38 32 38 39 34 37 36
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCGo/S6J3MUQn02
-sqIUzEqlgrrZAFxPK0wym6Zq07d0TJJqicNrDt7Z9AmZHH5H/tXl7CR0aB/boVGS
-OwnPrxhQn1hfUU4uGgo2BbU15m9BQLDpdU00Yw4Fm3slGCNuSqVQc+eyQ9xpRZRa
-NLS0JHPwtUFlN3ZaVOSDYeb6P9UouIa1Ul/Px7p/KnWmYOG431BpzWtB+Zz35Amm
-YwGpgCqei+dHtHC0uD0Aj4VTHR+rlNghCQ8TVETd4rQ+s92CUXhacTTNx5g8C4FM
-UHLwckOtEHPdGlIoSqlyo/K5RSZ++nf5JB98Y9p+bZrGOPxjcYfj9FvMIR+Au7oJ
-aP70mg2zAgMBAAECggEAdj5/qw0CUASkmuj+120jEYBiQDnE1/KalMeFu8P8FbM5
-0z7x1I/Wv2tHEqSncusnRynASks3z1c5oEchMrf/jq6imfN5yZss5IzWvGOHybLa
-q+1MxHlJ0zrdR5KPa0k7LhDcpv5aEEn/I8mt+ZcaC4fjytSOqH5twcS1aYmt1ngR
-aQKd3UkB5AhxbHcx3V4iX9opdy0NhwaimAGY+U7yVE7tc58n/ZA5FPF2GImuyQOS
-F12LytmtDIkMjSmBERNlU+67t79rx5a91Tavy8Hz0htEzNQ4wulG/v+Jqnbdh7j7
-dpCN7EvTDQ08jDihuUpFPVo1UF9Atrn3c3zJuGy8gQKBgQDGQO7EeHUZzb+yyF+M
-9XP+8R9Sb/4qoDMpAIn/5le9sN/riYQbCctQ2HmbxMGm3vu7FUl8MrRvCLCiASK8
-5ng4oP3pel3P4jUvnVy57WzgfkmdKhSB1sxojtMOibLZgP09bRT/Q1bTKLJtA5GY
-imt3cg0fF0YD0UI8GaNEmNxFUQKBgQCt251PKK3GzCo1J6iheiwSMkuG47WBcnLL
-1oYl61TH7z/pKEs4GGCE31xn7+P88QY7XftNmJkuh91u0SMdCf4w3yHYzz62OdZL
-go9tov5F06K1kkOmQ23ORtTbGnNlrNBTsDYIjnoufWMIf66RsAO9d7k3f/o4bXBa
-88rLCpDxwwKBgQClxT+g+pP32olzJYZ35/lw8A9fsBNXcxK0MyYw2lr9WvsxCJB0
-x1DBLfEpZXEDZioY+aizd/ZVbW+8VrTEPPXDbCJD6rSskZolUTBqqvNCF3bYOoph
-MslCmEI0QsFQi0G07hQDiTv9XmcrLjO81+kaPDxqhdxebsgyVsGlJyfvsQKBgEZY
-9KARH6+u8O0tLOiZ3LdILpNYFBtayeR82y8At/9maX/YVAdQpc1d67AKuz+f7xua
-fZL6ShEv3IN4kDKx1m7D+pgV05Q8dt965rpAF479gXriwgjGg+nRc1NssoDTmkAi
-rtprfDjPd4D62RIOHJVPmlxApmiqr6m9t7LMhbWtAoGBAITtzDRoOwDGwA3UB3cR
-ObFmijIzfjqxU0Q3T4QZe6gbLE1ExEdXMcMX/JhU6n4LJ/FcAf7/dwm15xqIQmzK
-iqmRb8Nnk0li1pUxusZ2jt5W4DGmafim7XdzDaLpSukws51Zj7WpiFDBBaQbww7k
-0yWnt8ORrQTF6/2ZESuODqK0
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCXxwUIaikPjcKF
+chyYQE1ESZoUbBjeeVGS+bKFftfSn7uwxUVvWjESQuXQG/2+W5zt9pA8LnWKQ8UT
+twV1a+xMDGQOwwL/eWcC95VxomL73H6d02WxMvdYhldD8kGr1aBlvheuXUHCr7EB
+/nyj+mBzyxjqaBcgmC17kdUtkHU36mobUJ47iyJW9V57Dvgx3mCHeDPAiSrqy8Sh
+FHqa/H6KZrjL3jZup07+tfMEqRUo8zdajOA6P7nLugz2h6DwHTHy8f+c7YdkAzmU
+GErmjRkOkOs5rpDjjmBmqNyfXd8Ro0CFOj4CTnHtkxmS6Klk+MgSD/0XBwLSozac
+mHLyUEtLAgMBAAECggEAIPYLLUMkzKhsFJ/t/tCEFy7mw8Wf9vygzwrkDqK3yxl+
+YMrOo/qRypX1o6bYibUKlRElTLSIOTEzhO8Lw+7en7tXJW+LYKDkUpwi+80Ysvq1
+EqBcpslbNwHhxLNBOMiJb18DdI3zII0YI0c5mUDgHnV+YTWexCjYQ8wtYBpNookz
+utW+pLPJ9T2eQQ5rhZ7GL5UmLhg/ymrQ+uu16iGVNpMCPj9Dzfo434SYv5JaJ81w
+vEmyivrVlP8gxym5eeK3sOcDfcoz6WEgW2Yn8yasVULrlPnrGgUh+ptnQb2kqyVS
+dqLyBF0FauP38nXCezbfuf+RUcBNb5x+SeKKaQzxMQKBgQC+HKnfCtrOQX2No+JN
+/05XqEOjD/XivSocJd2fuH8N4shJQ9NM8CSyEPFB1YQCzOa+OAgYH1C+m4sN2wGR
+U0+Y8M+4x42qp+wty7USaZQqn9JBZqLTwPwADq7pKld+uY69mDfKaYX51kyUm5zb
+WMm9m7OnM/9UO3Asno+falxq+wKBgQDMYTGP2W9f37HMBp79IoWbDgmW6vitPoTz
+5YOXLO3jex/BqhnSh4e7pXFxiLx7ciKRzMad/Ebh8ACO4aHpTqVng9NTHPfd5LaG
+BZ/Egu7QYKNvElwvLHp4vRxDfydEZ7Fo+vXLgLKjBwkGVrs+kNTdNZfblmTqDFdL
+K6AnlSqv8QKBgDVFWuRA6mb5OvFBhtxMOeueHrXGdyP91ZrlkWB8Fj4R2gWNl9vr
+Pp0W2kOUTNVsDQwoLzxzKfD/LMvJHntWWOuGLu6cHDpBq5B5kFeEdhwrhIMG+4FS
+hkqN0r1LPBEqdbDywk9Zmk0Tm4nYwO9FxeH3izPDAjzcGual16DX8OWZAoGAJwAd
+DxA0+pybNw3EZRWjXTVOiygHkDev80LG26BNPO2P38rv5obKVfp6LWokXYIoKp5j
+AF7Vv+Oml51i4jyJv7keKGwMuKEeW3DTThKWM9ldFqLwSGg6brPXouGuwpTu+9N3
+9/91FzsOc9E1JflJRXUmp1aJp0f3mHaYtzT10mECgYBVmuH3T3zcjLcI3VJ6TW+k
+E7X40XmpgLLRbB/H5KDyhm4amn6OpXJxcxwv920FBK2C7CVE+FiyfnB0aT/q4I/+
+wNV3m1anzYqAmUFJ7A7ha1eOLxg7jKgfvcN6qfvrSJX43ClWd4bkwdjBfzz6WWAv
+dIbe6F+cINGho+JRwdc7Pw==
-----END PRIVATE KEY-----
diff --git a/tests/security-resources/client-key-cert.pem
b/tests/security-resources/client-key-cert.pem
index d8041a2e95..bb31733511 100644
--- a/tests/security-resources/client-key-cert.pem
+++ b/tests/security-resources/client-key-cert.pem
@@ -1,87 +1,88 @@
Bag Attributes
friendlyName: client
- localKeyID: 54 69 6D 65 20 31 37 30 31 39 36 37 37 33 35 35 38 36
+ localKeyID: 54 69 6D 65 20 31 37 31 31 31 30 38 32 39 32 37 38 34
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
-MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQCIkFoX0dZKHYjq
-aB9tWy7Hi4d09sKpLFqpVCv/KrHPMTLXAKXCgb43lnPOD5nlFdHq/JAOn/bDsjkZ
-5IQn3ACVsZKopFLfy0ivPpdrHbfoOWtlTUm5RR7tQDiJfnpjAt07AMy3EQ7OARmV
-1lWjpvcs4LkGkUQG1qj6hsIEvQ68L4CPn/ZYv/M4VSt3LL6asGLgNBAi+n0wJFe7
-VFXawlpc/zm0K95Wu+ml0CBYD2kaodlOzJmeId3nZHB8noYNIk0/xflZ9EQVASUI
-zSo3fHziiv8D7CR454KC6KzxTvuDSCzQBDb9eoirXQ2ejUnF4IDXIk1hoa7GEQsm
-ZsWp+EJpAgMBAAECggEBAIZ3LF6b3RYpMrEsSRWSXONafcwrVMziwXpNSOz9Cwtp
-9BdDqfN1cOinGevh7LRm4cUxXl8oHv/eMt9N5Nqig2jh6fhnpLp7HVyAkvOD1Zux
-PhAHI/prFuKhA4pOoQ9wuIjqZqgzAZLR/nFNFBIJywPDWiwfSQ46uzPDELM9vI6J
-9KvFM8F6mdtSHQ0jbPuphOQMJDZoVkxxILaUibsZtsSR+U/ePn+VdMkOYmQ7QvVi
-v4Pxej5rgW4lAfdqLRh6lTER5hxsXPbIFscgHB+0TietY1nx8bHPM29/zaooJH04
-+oCppFL/H9mTmJfDkJlG8lLAY25HIAM1EpSPvbbyzMkCgYEA7TIHf4XNjw68rIpq
-YBD4wesv52Eno+ay6y3o7G9EIUTMwPDA8OV0MMxsyu3TllzhSQZCi0LzatE5RboO
-a/1UCy+RKA5KjSarekfQo/Ag0ay7peUcGdydHYly5ki6OPbm7vZ0veriO6EXqn5R
-OwkzQJt44O1okovgXZYCJ7GggSMCgYEAk2P3oUUQexGwlTUSDYxdiFrE/D5Zpk5T
-Lo4UwphIy0RTIz+HFbnAj1W80Z2wX453CG38NsYc6E0iu4DwErAsx9Y98fvLYdjW
-IgZ4sPdKmklSe2g3Mlan2wCSfFB4taxrrykyRdafLTZ/vkcShSUkOCQqYQal9a5i
-Ml6ky+YjtQMCgYEAvf8lInD7h2w2lb8KFomBuVO6u4yHRDK3fsr3mOxHlp6VpLc0
-1cH2oGAfhS2cHwWnL+djxkmK0jVluwSeKMJzX8Jqc7t+3DHtibWc2rSulUXXybsM
-F2swL0i6UNxQzvB3a1LfkIFlVn5jhp5IUxG7jDT9Tq7c5QZGYrCWaVVPTCECgYAZ
-Vs9kz13U+qaUEEqpP5946LoC76kz+TU9xLl29v1UzMtKPQq5RnT/b2sF0olW9EQs
-k9QPiqG/ojs9Zx5e6CDavk9qAbLmgIPX16r6KZmOyto+Ux1iLxmugfutGZyXByyA
-MaHt9cbp2/u8N7XMZCVE7ZrHkYAIq9E//ZtxXoB3BwKBgQDZrEA4i2kCo1XXfqW3
-s3WGcLU+OIKMIM89hypoAzvLt9IUX7DwSO3lbHxhIGI2y4pav8vAWAPe78Gd6VOY
-78tUE9nVC42rMSrrC93jDyqRC6PFKOtoxBgotYOhP/gZSJEtiSBqXhG7nYyJ4OIl
-0wGcRusJmrC0+3S/Kc/NSScGbw==
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDABinqOLO9G+8C
+jHY0gWiyNcLZEerM1SCvfj4edwyeWOZPfvas6oZde4mfo6y8pZgI4eTDrfIQ+FWI
+qxC8l8I8gXfQesNB3YZCY5Y6a18pIzhgKyfGWisw45VR0j0eq50cN6HawA7GLmQi
+bA4kAZjRTkbRADUXZ4ILFUa48zWw19t8UCUuWxqc7nKaijNPghKTdPrOwWgdgbwz
+GpO93MM//GGmS5DmOKdBOoS1d1rpK8Zk5h56kjfvLm5/cXv2OoBEuZnWQNF1IZpV
+qo1e57M/vQWH17/Lhlx5t6+PjzXVlYZcQAmpyqCjFX9CFbBYupArHtpm30X+4YpF
+AuqhSMvRAgMBAAECggEAHy+BFCh0TGSievv74IgZzEN96woFY5HDdqzegs0b0AWp
+FcUNY8TM4JbFIZeP4K1WFS82m27/DrF+Fq2NkMtmwLPYFRQy7NoAyXxp8//nGwO8
+zqWDlqujMxPq9rhZs8b0Q5ZnY2Loo1f6bDq3SzK1MlzvlFbfyHbHgGxKqZPaJueH
+KmdbR2U1Wa7qdNNCC93X9Qq1v3/hIiiBQ0in3plMtikgfC+5hP2DZMR3aJSNTG/n
+kWxK4piBIfF3OCHvFusQCAGlRBgonfXLL+6FUlQfzF/xFxeKaBxtCkS+I2a8QPuX
+VvLWm5dnGSPrRrqMnPMgZkoE/zFfYozCgEjH2n1Q9wKBgQD3gMuS0BZM68wt6EUJ
+okewU5H+5Ls9I6eGxI/4Ab+ygnOpLhZUqGpfK9RM/984FXIAjZ7p6aNnoFGJER6a
+7MCzDQkt61DIT7X7NFtkkUF9WAbn3xhB+tqwabD8XETP0ZgQd5kgjTd8myCJLr82
+i5tKuYFpOE8uAtBPHV6VB7FqIwKBgQDGnckm/jRVdRfTiWyfo0wRAPxsoUNUW2GB
+JCyDJbX4VAt6IXJMiy5ZWKosSI3txKDFOD+DY1UdSduOsjtHSWEBRuXfAH2Bg0Mp
+hXIZ6BV/Sdzge0MX495JUs/7wB6Ye+TrYyys/qdN0iCndQ3gvq9fMZoXi830RNiM
+/dUVvy5PewKBgFvIADX2Qn7N5k6T1p4m9qy1oOtECQc4JJS+aaEPjPX2mEuBkrhc
+J+4ZA8Z2EGHs2fTIj8iwYm84LWRF2/KZnzAGwoOrwq41mQeJt+aIUx/XN+Beg9Fb
+5CMNXpuG3+GtGNXqc/d1RsFHiX41vqTMio7gUdQiFIK8emEMRBnB25G/AoGBAIVB
+Y64Xq4ESeJPihdBtPSHDaZhwcb3tOXPtkzfCW15q9PBR9F/KmaQ0Sqg/XYoC/GKV
+pHdAc+CcpwQMLJ1dbAnxSVTe/VWhfbQj5jPfdFzcb6bkzFUA+yhyuTwM3/oqVaJf
+/Z9rk1AxBNuVO2RoSz0xCFN35wxWDHw76XUXubh1AoGASevvtnKnrzoGfJtaJ903
+YMzFLfdyfDjfES4I06eDjHOLiBVg/tlgcuOpWpXlxlrIsXtR/Q5MM3XnKkASdKIs
+MH9jJzyV8dPLOC1U41QO2Be5L+fNn3zTqcz1Lv4mRTwgt/g5YE+dmDDfrRZaGq0M
+Fn8JKRZVK59xV5FFH3wqfag=
-----END PRIVATE KEY-----
Bag Attributes
friendlyName: client
- localKeyID: 54 69 6D 65 20 31 37 30 31 39 36 37 37 33 35 35 38 36
+ localKeyID: 54 69 6D 65 20 31 37 31 31 31 30 38 32 39 32 37 38 34
subject=C = AMQ, ST = AMQ, L = AMQ, O = ActiveMQ, OU = Artemis, CN = ActiveMQ
Artemis Client
issuer=O = ActiveMQ, OU = Artemis, CN = ActiveMQ Artemis Client Certification
Authority
-----BEGIN CERTIFICATE-----
-MIIDzjCCAragAwIBAgIEGCpcHTANBgkqhkiG9w0BAQsFADBfMREwDwYDVQQKEwhB
-Y3RpdmVNUTEQMA4GA1UECxMHQXJ0ZW1pczE4MDYGA1UEAxMvQWN0aXZlTVEgQXJ0
-ZW1pcyBDbGllbnQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMjMxMjA3MTY0
-ODU0WhgPMjEyMzExMTMxNjQ4NTRaMHExDDAKBgNVBAYTA0FNUTEMMAoGA1UECBMD
-QU1RMQwwCgYDVQQHEwNBTVExETAPBgNVBAoTCEFjdGl2ZU1RMRAwDgYDVQQLEwdB
-cnRlbWlzMSAwHgYDVQQDExdBY3RpdmVNUSBBcnRlbWlzIENsaWVudDCCASIwDQYJ
-KoZIhvcNAQEBBQADggEPADCCAQoCggEBAIiQWhfR1kodiOpoH21bLseLh3T2wqks
-WqlUK/8qsc8xMtcApcKBvjeWc84PmeUV0er8kA6f9sOyORnkhCfcAJWxkqikUt/L
-SK8+l2sdt+g5a2VNSblFHu1AOIl+emMC3TsAzLcRDs4BGZXWVaOm9yzguQaRRAbW
-qPqGwgS9DrwvgI+f9li/8zhVK3csvpqwYuA0ECL6fTAkV7tUVdrCWlz/ObQr3la7
-6aXQIFgPaRqh2U7MmZ4h3edkcHyehg0iTT/F+Vn0RBUBJQjNKjd8fOKK/wPsJHjn
-goLorPFO+4NILNAENv16iKtdDZ6NScXggNciTWGhrsYRCyZmxan4QmkCAwEAAaN+
-MHwwHQYDVR0OBBYEFAuvq7i0CQqcrhUxgsgccmRcnKJXMBoGA1UdEQQTMBGCCWxv
-Y2FsaG9zdIcEfwAAATAJBgNVHRMEAjAAMB8GA1UdIwQYMBaAFKUM1JFbFBp0jlZ9
-Cb6UbaPQAOr7MBMGA1UdJQQMMAoGCCsGAQUFBwMCMA0GCSqGSIb3DQEBCwUAA4IB
-AQBX9nafR8GU+LZi/kP2F7j+4Z4yUKw2afUux0UbrV49GIXV42ELNyt1+0dNwhdp
-LuZU+1AwBgJc7GgE7KagYcaqgEN51NP4dIC1qL6OM+MNUgfyjjbeLED/Hxr7YPqq
-AhQoYYw7CdEVnSqwY6BknuHiMEW0aakZhInCNP+6A6Wf4x0lf7fhEYxoN7J0YZgl
-JFzNT1kKN7K/sH/EK0h9Le038ckERnr9cDgBrP7WwzDBMszYf6iWGkOQ4ENWrsF9
-W87l41aqPO+bjK5WdNsrACwaRaoL7xqJJlxonOuW2LjidgdLZYp1Kna0OT/FR9/Y
-9Q3yxoadGlb6P6BTb3VXFHVr
+MIID7jCCAtagAwIBAgIJANaUYBHdNtAQMA0GCSqGSIb3DQEBCwUAMF8xETAPBgNV
+BAoTCEFjdGl2ZU1RMRAwDgYDVQQLEwdBcnRlbWlzMTgwNgYDVQQDEy9BY3RpdmVN
+USBBcnRlbWlzIENsaWVudCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0yNDAz
+MjIxMTUxMzFaGA8yMTI0MDIyNzExNTEzMVowcTEMMAoGA1UEBhMDQU1RMQwwCgYD
+VQQIEwNBTVExDDAKBgNVBAcTA0FNUTERMA8GA1UEChMIQWN0aXZlTVExEDAOBgNV
+BAsTB0FydGVtaXMxIDAeBgNVBAMTF0FjdGl2ZU1RIEFydGVtaXMgQ2xpZW50MIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwAYp6jizvRvvAox2NIFosjXC
+2RHqzNUgr34+HncMnljmT372rOqGXXuJn6OsvKWYCOHkw63yEPhViKsQvJfCPIF3
+0HrDQd2GQmOWOmtfKSM4YCsnxlorMOOVUdI9HqudHDeh2sAOxi5kImwOJAGY0U5G
+0QA1F2eCCxVGuPM1sNfbfFAlLlsanO5ymoozT4ISk3T6zsFoHYG8MxqTvdzDP/xh
+pkuQ5jinQTqEtXda6SvGZOYeepI37y5uf3F79jqARLmZ1kDRdSGaVaqNXuezP70F
+h9e/y4Zcebevj4811ZWGXEAJqcqgoxV/QhWwWLqQKx7aZt9F/uGKRQLqoUjL0QID
+AQABo4GYMIGVMB0GA1UdDgQWBBQhXlzDqOhheZmJ5hs2zgDKLmGXZDAzBgNVHREE
+LDAqghdjbGllbnQuYXJ0ZW1pcy5hY3RpdmVtcYIJbG9jYWxob3N0hwR/AAABMAkG
+A1UdEwQCMAAwHwYDVR0jBBgwFoAUmQHkKAJROOr1cSjoSuMcvR0s0OswEwYDVR0l
+BAwwCgYIKwYBBQUHAwIwDQYJKoZIhvcNAQELBQADggEBAIqZxEeS2TSLoCdaPu3D
+i4KaYBKJaUgKNZw/EOeB/kK+yxFEfRxbuQwtrkNt1mg3uEoDvL1GDa/6hZocWsx5
+eWZNQmDmCnsSPzFI/C08XJh4xKe4y05o7jejDnMFWzM6vzRZrGlylEUHXhRdXAKA
+TmeZRuysvIwUiZsZksxHGl1dZmFasD7LjzxybSlrkuJLj+vKDHKG9khp7OSXeRA3
+0lQplc20h6SLjbowTjlB/TvebEIaaAgQ4p5nXmKrgt5Aq0aBefqGOmzMbTFxk1nW
+Q/hIaO/sLVcmMrAbP802ECg/x6d9P9MPQUZeH6sUwElFr5NN8MDFyVDO46YyC1bg
+BLU=
-----END CERTIFICATE-----
Bag Attributes
friendlyName: CN=ActiveMQ Artemis Client Certification
Authority,OU=Artemis,O=ActiveMQ
subject=O = ActiveMQ, OU = Artemis, CN = ActiveMQ Artemis Client Certification
Authority
issuer=O = ActiveMQ, OU = Artemis, CN = ActiveMQ Artemis Client Certification
Authority
-----BEGIN CERTIFICATE-----
-MIIDcDCCAligAwIBAgIEJbym6DANBgkqhkiG9w0BAQsFADBfMREwDwYDVQQKEwhB
-Y3RpdmVNUTEQMA4GA1UECxMHQXJ0ZW1pczE4MDYGA1UEAxMvQWN0aXZlTVEgQXJ0
-ZW1pcyBDbGllbnQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMjMxMjA3MTY0
-ODUyWhgPMzAyMzA0MDkxNjQ4NTJaMF8xETAPBgNVBAoTCEFjdGl2ZU1RMRAwDgYD
-VQQLEwdBcnRlbWlzMTgwNgYDVQQDEy9BY3RpdmVNUSBBcnRlbWlzIENsaWVudCBD
-ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
-AQoCggEBAIaj9LoncxRCfTayohTMSqWCutkAXE8rTDKbpmrTt3RMkmqJw2sO3tn0
-CZkcfkf+1eXsJHRoH9uhUZI7Cc+vGFCfWF9RTi4aCjYFtTXmb0FAsOl1TTRjDgWb
-eyUYI25KpVBz57JD3GlFlFo0tLQkc/C1QWU3dlpU5INh5vo/1Si4hrVSX8/Hun8q
-daZg4bjfUGnNa0H5nPfkCaZjAamAKp6L50e0cLS4PQCPhVMdH6uU2CEJDxNURN3i
-tD6z3YJReFpxNM3HmDwLgUxQcvByQ60Qc90aUihKqXKj8rlFJn76d/kkH3xj2n5t
-msY4/GNxh+P0W8whH4C7uglo/vSaDbMCAwEAAaMyMDAwHQYDVR0OBBYEFKUM1JFb
-FBp0jlZ9Cb6UbaPQAOr7MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQAD
-ggEBAFmb6rDuirRpEpO/+jXRqq3A4gqMW4Qbjqb61pIQyNim+0Z+RDwQn4nfnZxY
-CaAlRiwg7Ihr85brwHcAC2YG/ir3AEcY70r15xIFCiRkDo47r8cXhTAiQfVBjd1j
-m1Bo1w1Sae/Vhe/Jryuqz7C+lXads6xWr9x+RoKb9IDgRhz6aVUBQfkyuusm3D+c
-RN7i3IRD2ypf1dEAH51+n+U3gEtWbztA2R1MFCGq/pWfEbMaI7fkBu77h6e/Okwq
-dNAbXMYlKvv/BgkmzPvHWtepa/1vWZmyC1t0Oo3jNBrUMPCrkQwHbSMl9vMQwICJ
-LnIXqz1dSY/M11jjOVS8ZoZ0gdE=
+MIIDdTCCAl2gAwIBAgIJAJkUaBwB0GpUMA0GCSqGSIb3DQEBCwUAMF8xETAPBgNV
+BAoTCEFjdGl2ZU1RMRAwDgYDVQQLEwdBcnRlbWlzMTgwNgYDVQQDEy9BY3RpdmVN
+USBBcnRlbWlzIENsaWVudCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0yNDAz
+MjIxMTUxMjlaGA8zMDIzMDcyNDExNTEyOVowXzERMA8GA1UEChMIQWN0aXZlTVEx
+EDAOBgNVBAsTB0FydGVtaXMxODA2BgNVBAMTL0FjdGl2ZU1RIEFydGVtaXMgQ2xp
+ZW50IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAl8cFCGopD43ChXIcmEBNREmaFGwY3nlRkvmyhX7X0p+7sMVF
+b1oxEkLl0Bv9vluc7faQPC51ikPFE7cFdWvsTAxkDsMC/3lnAveVcaJi+9x+ndNl
+sTL3WIZXQ/JBq9WgZb4Xrl1Bwq+xAf58o/pgc8sY6mgXIJgte5HVLZB1N+pqG1Ce
+O4siVvVeew74Md5gh3gzwIkq6svEoRR6mvx+ima4y942bqdO/rXzBKkVKPM3Wozg
+Oj+5y7oM9oeg8B0x8vH/nO2HZAM5lBhK5o0ZDpDrOa6Q445gZqjcn13fEaNAhTo+
+Ak5x7ZMZkuipZPjIEg/9FwcC0qM2nJhy8lBLSwIDAQABozIwMDAdBgNVHQ4EFgQU
+mQHkKAJROOr1cSjoSuMcvR0s0OswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B
+AQsFAAOCAQEAdraRmTJvQ4lE+3pg4oz8IZbPhoXQRi/9xMOuDMgaBngxcIy/orT0
+0+rMQDw/UpPvGYzHzxG7F9Euw2HvxF/fGTLrHXLDlPlGmORwWvGR3nRPxCG8wi2b
+Zc7d9WUZ5zfIZ346ht/1QuyHHCLU9gaJP1irJA1fJ3ZJdnIDcjG17keM51vF8Jtl
+J08WzHQ6BKJy4auR041BxF+wHZBSVF5n5D2DLC+VcBL7MgVXaddyWGkr3UU8U67T
+V/o6VEnGTKwZ/a/RAHB8Aex2/GFfEivsaBYe8gbhbzFjCWkoKg0jkjqKDw9Dwk3n
+7Lo5GrWoHASyFYB/FM6rjDBW0bT97MVJog==
-----END CERTIFICATE-----
Bag Attributes
friendlyName: client-ca
@@ -89,23 +90,23 @@ Bag Attributes
subject=O = ActiveMQ, OU = Artemis, CN = ActiveMQ Artemis Client Certification
Authority
issuer=O = ActiveMQ, OU = Artemis, CN = ActiveMQ Artemis Client Certification
Authority
-----BEGIN CERTIFICATE-----
-MIIDcDCCAligAwIBAgIEJbym6DANBgkqhkiG9w0BAQsFADBfMREwDwYDVQQKEwhB
-Y3RpdmVNUTEQMA4GA1UECxMHQXJ0ZW1pczE4MDYGA1UEAxMvQWN0aXZlTVEgQXJ0
-ZW1pcyBDbGllbnQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMjMxMjA3MTY0
-ODUyWhgPMzAyMzA0MDkxNjQ4NTJaMF8xETAPBgNVBAoTCEFjdGl2ZU1RMRAwDgYD
-VQQLEwdBcnRlbWlzMTgwNgYDVQQDEy9BY3RpdmVNUSBBcnRlbWlzIENsaWVudCBD
-ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
-AQoCggEBAIaj9LoncxRCfTayohTMSqWCutkAXE8rTDKbpmrTt3RMkmqJw2sO3tn0
-CZkcfkf+1eXsJHRoH9uhUZI7Cc+vGFCfWF9RTi4aCjYFtTXmb0FAsOl1TTRjDgWb
-eyUYI25KpVBz57JD3GlFlFo0tLQkc/C1QWU3dlpU5INh5vo/1Si4hrVSX8/Hun8q
-daZg4bjfUGnNa0H5nPfkCaZjAamAKp6L50e0cLS4PQCPhVMdH6uU2CEJDxNURN3i
-tD6z3YJReFpxNM3HmDwLgUxQcvByQ60Qc90aUihKqXKj8rlFJn76d/kkH3xj2n5t
-msY4/GNxh+P0W8whH4C7uglo/vSaDbMCAwEAAaMyMDAwHQYDVR0OBBYEFKUM1JFb
-FBp0jlZ9Cb6UbaPQAOr7MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQAD
-ggEBAFmb6rDuirRpEpO/+jXRqq3A4gqMW4Qbjqb61pIQyNim+0Z+RDwQn4nfnZxY
-CaAlRiwg7Ihr85brwHcAC2YG/ir3AEcY70r15xIFCiRkDo47r8cXhTAiQfVBjd1j
-m1Bo1w1Sae/Vhe/Jryuqz7C+lXads6xWr9x+RoKb9IDgRhz6aVUBQfkyuusm3D+c
-RN7i3IRD2ypf1dEAH51+n+U3gEtWbztA2R1MFCGq/pWfEbMaI7fkBu77h6e/Okwq
-dNAbXMYlKvv/BgkmzPvHWtepa/1vWZmyC1t0Oo3jNBrUMPCrkQwHbSMl9vMQwICJ
-LnIXqz1dSY/M11jjOVS8ZoZ0gdE=
+MIIDdTCCAl2gAwIBAgIJAJkUaBwB0GpUMA0GCSqGSIb3DQEBCwUAMF8xETAPBgNV
+BAoTCEFjdGl2ZU1RMRAwDgYDVQQLEwdBcnRlbWlzMTgwNgYDVQQDEy9BY3RpdmVN
+USBBcnRlbWlzIENsaWVudCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0yNDAz
+MjIxMTUxMjlaGA8zMDIzMDcyNDExNTEyOVowXzERMA8GA1UEChMIQWN0aXZlTVEx
+EDAOBgNVBAsTB0FydGVtaXMxODA2BgNVBAMTL0FjdGl2ZU1RIEFydGVtaXMgQ2xp
+ZW50IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEAl8cFCGopD43ChXIcmEBNREmaFGwY3nlRkvmyhX7X0p+7sMVF
+b1oxEkLl0Bv9vluc7faQPC51ikPFE7cFdWvsTAxkDsMC/3lnAveVcaJi+9x+ndNl
+sTL3WIZXQ/JBq9WgZb4Xrl1Bwq+xAf58o/pgc8sY6mgXIJgte5HVLZB1N+pqG1Ce
+O4siVvVeew74Md5gh3gzwIkq6svEoRR6mvx+ima4y942bqdO/rXzBKkVKPM3Wozg
+Oj+5y7oM9oeg8B0x8vH/nO2HZAM5lBhK5o0ZDpDrOa6Q445gZqjcn13fEaNAhTo+
+Ak5x7ZMZkuipZPjIEg/9FwcC0qM2nJhy8lBLSwIDAQABozIwMDAdBgNVHQ4EFgQU
+mQHkKAJROOr1cSjoSuMcvR0s0OswDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B
+AQsFAAOCAQEAdraRmTJvQ4lE+3pg4oz8IZbPhoXQRi/9xMOuDMgaBngxcIy/orT0
+0+rMQDw/UpPvGYzHzxG7F9Euw2HvxF/fGTLrHXLDlPlGmORwWvGR3nRPxCG8wi2b
+Zc7d9WUZ5zfIZ346ht/1QuyHHCLU9gaJP1irJA1fJ3ZJdnIDcjG17keM51vF8Jtl
+J08WzHQ6BKJy4auR041BxF+wHZBSVF5n5D2DLC+VcBL7MgVXaddyWGkr3UU8U67T
+V/o6VEnGTKwZ/a/RAHB8Aex2/GFfEivsaBYe8gbhbzFjCWkoKg0jkjqKDw9Dwk3n
+7Lo5GrWoHASyFYB/FM6rjDBW0bT97MVJog==
-----END CERTIFICATE-----
diff --git a/tests/security-resources/client-keystore.jceks
b/tests/security-resources/client-keystore.jceks
index 6118f80b8e..3d9b5ef866 100644
Binary files a/tests/security-resources/client-keystore.jceks and
b/tests/security-resources/client-keystore.jceks differ
diff --git a/tests/security-resources/client-keystore.jks
b/tests/security-resources/client-keystore.jks
index 3b7d5e3f21..2c23b236d3 100644
Binary files a/tests/security-resources/client-keystore.jks and
b/tests/security-resources/client-keystore.jks differ
diff --git a/tests/security-resources/client-keystore.p12
b/tests/security-resources/client-keystore.p12
index a99065d63e..df084e2c08 100644
Binary files a/tests/security-resources/client-keystore.p12 and
b/tests/security-resources/client-keystore.p12 differ
diff --git a/tests/security-resources/other-client-crl.pem
b/tests/security-resources/other-client-crl.pem
index c3b9765473..81c3fc59fa 100644
--- a/tests/security-resources/other-client-crl.pem
+++ b/tests/security-resources/other-client-crl.pem
@@ -1,12 +1,12 @@
-----BEGIN X509 CRL-----
-MIIB0zCBvAIBATANBgkqhkiG9w0BAQsFADBfMREwDwYDVQQKEwhBY3RpdmVNUTEQ
+MIIB1zCBwAIBATANBgkqhkiG9w0BAQsFADBfMREwDwYDVQQKEwhBY3RpdmVNUTEQ
MA4GA1UECxMHQXJ0ZW1pczE4MDYGA1UEAxMvQWN0aXZlTVEgQXJ0ZW1pcyBDbGll
-bnQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkXDTIzMTIwNzE2NDg1OFoYDzIxMjMx
-MTEzMTY0ODU4WjAXMBUCBC+fTRwXDTIzMTIwNzE2NDg1OFqgDjAMMAoGA1UdFAQD
-AgEAMA0GCSqGSIb3DQEBCwUAA4IBAQA4h2JCaBPm4qBKVN6xzwMj/eszkCyGUczE
-yxI7j2Gyn+Wr3WQ+W6HwedY9HCG83SLFaxc3DpMHCE6qfASFoZ3+cv4qXj+ezgL6
-rjti71lU7HZ2ET4lA9U5YnYrU2G4MzDCt2rxLqcc23v7y/qLcQ4mPt7XB/uOsKn9
-ddpe+bsAfXeh+95ECvWtn+2n4siu2QoNAkTTrhJpCPQYn6bJFiROZs/47d0V7EVB
-jOiuj1BP7TfhqQUzK2a0OzYK1xNN+Q+D29pEWxhP1XyRvull7q8s3EKC1o69lKss
-b/Ir/oGhGewQ7yiraX/0Ia0X9rlw5QP7f/s3+6yw+1mp4aea1+eH
+bnQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkXDTI0MDMyMjExNTEzNloYDzIxMjQw
+MjI3MTE1MTM2WjAbMBkCCDX8+5iW7sP9Fw0yNDAzMjIxMTUxMzZaoA4wDDAKBgNV
+HRQEAwIBADANBgkqhkiG9w0BAQsFAAOCAQEAFFLNW5vD8vMv56DqlopUnrSlzfqW
+iqUgBOL1WnDhyMjHPvU1TXQg0MH5r/vjBoA+S7hljU1CHb1u8N7MEUY4iBqlGJsy
+u77wBQwPviQfJEb6hSByBzbHMgw2YgE+OUvhnnldnDiGnEQkT5ZZl1O9hVH3Fp8Y
+AmCF9qjvMNieM3V1HyML3iOHnNmQUyikvSWS+vlIl0AzD47tOXgHrkorbD/nHljP
+k/0gcVrKK3VHPxNtgVyhtfv+JhRQqekLWvZOKM+Cz5sdnGqOA2AkOfJmhu7kp/Lx
+DAbaTLUNHaLX+H8BG1PZ0iHDgnXQQXAzXfkJlEOp6bl3eaOXlMCC6J+tWA==
-----END X509 CRL-----
diff --git a/tests/security-resources/other-client-keystore.jceks
b/tests/security-resources/other-client-keystore.jceks
index 980fe86ecd..93ebf9886a 100644
Binary files a/tests/security-resources/other-client-keystore.jceks and
b/tests/security-resources/other-client-keystore.jceks differ
diff --git a/tests/security-resources/other-client-keystore.jks
b/tests/security-resources/other-client-keystore.jks
index 06ba9fd123..e1e55f0cf2 100644
Binary files a/tests/security-resources/other-client-keystore.jks and
b/tests/security-resources/other-client-keystore.jks differ
diff --git a/tests/security-resources/other-client-keystore.p12
b/tests/security-resources/other-client-keystore.p12
index db7b95fc85..1f724cf056 100644
Binary files a/tests/security-resources/other-client-keystore.p12 and
b/tests/security-resources/other-client-keystore.p12 differ
diff --git a/tests/security-resources/other-server-cert.pem
b/tests/security-resources/other-server-cert.pem
new file mode 100644
index 0000000000..52a926e293
--- /dev/null
+++ b/tests/security-resources/other-server-cert.pem
@@ -0,0 +1,30 @@
+Bag Attributes
+ friendlyName: other-server
+ localKeyID: 54 69 6D 65 20 31 37 31 31 31 30 38 32 38 34 39 35 33
+subject=C = AMQ, ST = AMQ, L = AMQ, O = ActiveMQ, OU = Artemis, CN = ActiveMQ
Artemis Other Server
+issuer=O = ActiveMQ, OU = Artemis, CN = ActiveMQ Artemis Server Certification
Authority
+-----BEGIN CERTIFICATE-----
+MIIEJzCCAw+gAwIBAgIJAIYtNmfo1IcvMA0GCSqGSIb3DQEBCwUAMF8xETAPBgNV
+BAoTCEFjdGl2ZU1RMRAwDgYDVQQLEwdBcnRlbWlzMTgwNgYDVQQDEy9BY3RpdmVN
+USBBcnRlbWlzIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0yNDAz
+MjIxMTUxMjRaGA8yMTI0MDIyNzExNTEyNFowdzEMMAoGA1UEBhMDQU1RMQwwCgYD
+VQQIEwNBTVExDDAKBgNVBAcTA0FNUTERMA8GA1UEChMIQWN0aXZlTVExEDAOBgNV
+BAsTB0FydGVtaXMxJjAkBgNVBAMTHUFjdGl2ZU1RIEFydGVtaXMgT3RoZXIgU2Vy
+dmVyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAupddeWP1OET5W9A3
+UrVz0xYW3wGvmkrlsYjpqENqcaXmcsLXrvfxCoavQpWxrd2OtmTuHA59tWYyd8FW
+3Mvp7NnOUZ0Xz5nAgjHwhlfIQ2qhrKV8V+jUdcWsh+09elwO7qRbjllKRW2I4zVx
+KFzP3r1Ncojrb8V0wPAKjSWdZn8jptfzsondvlxkkU5CuX+6VTh1P099a4iHO9bT
+5UNFjJS9FTgN+ln8Iq5tSUJID1PsTY5Ob/LdEx5TVJ/xr1jwBRI2QrLtM3ju6Dtt
+y2eA8G17u/gPIpjCUnAf+xGHDePKJQ014nnSxPlfT/z0Fs4twapt7dBtwlLXIXht
+6E5UGQIDAQABo4HLMIHIMB0GA1UdDgQWBBRtzYiKCZfZCX5WUq38rGDHBIZuhTBm
+BgNVHREEXzBdgh1vdGhlci1zZXJ2ZXIuYXJ0ZW1pcy5hY3RpdmVtcYIJbG9jYWxo
+b3N0ghVsb2NhbGhvc3QubG9jYWxkb21haW6CFGFydGVtaXMubG9jYWx0ZXN0Lm1l
+hwR/AAABMAkGA1UdEwQCMAAwHwYDVR0jBBgwFoAUfI39SB/hKrHFXIQqijOWKIOk
+6FgwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBAMOoB/kr
+yA2zQ4buePXySKyUlcN5XzdyWqDXZI9gRXlyFgoHyOvr8xd6ak+EaxZVd6nZ99V+
+ua96UCuy9eiWi8iupdfTeBH2XJrdFUGmd54W/a9ORKIN0ljW5OLW2bmD3Gb/esJr
+sbiWmmgUpGW9CLlQiz8xkHLQvV1pl3xONe0AEr7EVw2Pkr6QhS0tmq36IJXTetPb
+Tccnj26YPaAVUozEHLzINakp8UonmFNLnNCjgtqAQ63yaw5BDyqTjb5xAMF4oyt8
+is45SO/2P6TSWc6i6YMA1rCJDM2jCrVIeHk3AZ4gsre/j23ZQc/EGBWTWYbZw6G8
+/nOiLulSd6+ulps=
+-----END CERTIFICATE-----
diff --git a/tests/security-resources/other-server-crl.pem
b/tests/security-resources/other-server-crl.pem
index 81d268278f..ecdf96481c 100644
--- a/tests/security-resources/other-server-crl.pem
+++ b/tests/security-resources/other-server-crl.pem
@@ -1,12 +1,12 @@
-----BEGIN X509 CRL-----
-MIIB0zCBvAIBATANBgkqhkiG9w0BAQsFADBfMREwDwYDVQQKEwhBY3RpdmVNUTEQ
+MIIB2DCBwQIBATANBgkqhkiG9w0BAQsFADBfMREwDwYDVQQKEwhBY3RpdmVNUTEQ
MA4GA1UECxMHQXJ0ZW1pczE4MDYGA1UEAxMvQWN0aXZlTVEgQXJ0ZW1pcyBTZXJ2
-ZXIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkXDTIzMTIwNzE2NDg0OVoYDzIxMjMx
-MTEzMTY0ODQ5WjAXMBUCBGkc2MsXDTIzMTIwNzE2NDg0OVqgDjAMMAoGA1UdFAQD
-AgEAMA0GCSqGSIb3DQEBCwUAA4IBAQAHvw9QamvkDupseQyZsn9UM/uTzWktMvGd
-USVRJm8GI6EeZEQjQU4+s3bOA+OJC2Q3RIM4irLxIg0CEEcy171+XEE3wMiCs1uw
-n7fb59sLicYz00LcNg1f/oeAE7gytJZslN9ohBLxKA5Bc11tqYiRirVGTZGihwR9
-LUdhpEwsfnDw82QYyMU4Zcr9VeF42lQBMuWQBoWMQVttW1Lay+fI6J9mF1T5DWmn
-aU2uGdGpMbNphy9d4LnCvqRQG62qTHKOuiu464zRoBRWEoSzQmwQwH1Sq8n1eOQW
-QG4AlFmUN6NMa5j5ngJlUZ/E+KRHlbQKFjgekdScdKSr2JjTbBZn
+ZXIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkXDTI0MDMyMjExNTEyNloYDzIxMjQw
+MjI3MTE1MTI2WjAcMBoCCQCGLTZn6NSHLxcNMjQwMzIyMTE1MTI2WqAOMAwwCgYD
+VR0UBAMCAQAwDQYJKoZIhvcNAQELBQADggEBAKjeovsRpImr/CoS4PdD4Rh5/s0U
+lm1dgmK/2HuD5m5K6XvJCBnNkvThkVWK8tgG6t2bjFJnFTQbgIazJtVmpE5kxPdy
+sRD/3WQ61vuOc/EYzslwBrgMTujtj6J2JwIBe7JgCYH4KPuG6Lb8nVFCDZ2t8K9p
+ca7VQdfLhKxh+5bbIuVv077bY+DllcJRAhza32x6xp6Occ+09O0JCWSiazVjVUi8
+Umt5c7HFI+NJwLWACqbYImrWg6A0hD2lptAFaMaRgEpvcyWYhU3foJmBoFuNve1u
+mx894jQ1X/I3t1EHWhTg7vtJSwowjxl2woc3BOxxIO2FQ4rHiSCiG3+XoDc=
-----END X509 CRL-----
diff --git a/tests/security-resources/other-server-key.pem
b/tests/security-resources/other-server-key.pem
new file mode 100644
index 0000000000..6e3b1f3336
--- /dev/null
+++ b/tests/security-resources/other-server-key.pem
@@ -0,0 +1,32 @@
+Bag Attributes
+ friendlyName: other-server
+ localKeyID: 54 69 6D 65 20 31 37 31 31 31 30 38 32 38 34 39 35 33
+Key Attributes: <No Attributes>
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6l115Y/U4RPlb
+0DdStXPTFhbfAa+aSuWxiOmoQ2pxpeZywteu9/EKhq9ClbGt3Y62ZO4cDn21ZjJ3
+wVbcy+ns2c5RnRfPmcCCMfCGV8hDaqGspXxX6NR1xayH7T16XA7upFuOWUpFbYjj
+NXEoXM/evU1yiOtvxXTA8AqNJZ1mfyOm1/Oyid2+XGSRTkK5f7pVOHU/T31riIc7
+1tPlQ0WMlL0VOA36Wfwirm1JQkgPU+xNjk5v8t0THlNUn/GvWPAFEjZCsu0zeO7o
+O23LZ4DwbXu7+A8imMJScB/7EYcN48olDTXiedLE+V9P/PQWzi3Bqm3t0G3CUtch
+eG3oTlQZAgMBAAECggEAOhXbtenNkRY7r/658iflZg1G0mZSdYwiQ+mUn1pZPQbB
+nfEUtnWd1kKGNYqnFLJXdmUmEJrcPEeTp18K/NIHwMEu7o4iNvCsknscXp3eDEqa
+CMY9Vpp25TDDnE7YqAoXZefJTp9yNPm7tstQrhlyZmr0vJZuAE3uIg+3oSfX/2tF
+loA31evQPLWePIyHUapsctKjnAbsVn5lxBN/Ef0rKh6v++aSrgNRdHBZUhofDedo
+oWBd1slUxK18aj1q2Dl3DrSxuX7ygiX+3sZl+RBNDH3PXpR93kRN1Go4AYPnMQfd
+ExQ8Lc5RViKCfSVBQv8lKttyOZJ/glzCKTe+8bcp1wKBgQDTf5MwZW9oe49pgxFl
+foA4GS4MwOWOsf4CI+xKwEPFrTvibZJWk5S6wCqYs8RIl//DY3RqSR5QEw5/5xOq
+bmq/YW2UY/Xem18wT495HkoIafm08KrLCs+xD+oui1M+jI3sGi6FBrwYc/n9zTzm
+PI+7BnWK07kqg4aIlPuJ91UsowKBgQDh2im5StYoIj8Zm67PD6w4JCXiEfqgVn1f
+XJN4CqmxlZqRNBdYPeuT5ECQJbIVRj9RJxKHcCpd1PMbwJfnMJ0wQR5ZhyT0h9HB
+f3PzU+ndhwZj52rmIsNJrfwIxEmIe4Zjt9KcLbfHOQOJ/sdgiPiY3Wrkoe8LhV1+
+ig4ANnAsEwKBgFQ/i2hJ37klDxmepj1hyL2P+jIGXOscp+w+Vw/nypdhzGsD7rki
+DKrfhZhSc6vfMHiqk2MLQVHwZWQ5rjHDzi3yJ25m6zgDeEWMS8CZejAj1t5myAId
+imIjzss/oKdX4ejc/Q7sgdzTxg99w/aKxU5g4k2szSPMRLj/b7ujlIA1AoGAOVEc
+daHAZ78JNH6GBpZ7pmPGGXFmoXpRpvnfkv9hwWeuKluF8ScFuiqbF/n5D90cBIRd
+93FHzzhT2h8ubcWwnqZoBWB+yHAPk4O88WvCVi4GOSRpxK3d0b0N0Uu/PZvbp0Ln
+eCtCEJUviL3X62/XZzQKBKvz9oCKEasHkpY+MXECgYEAgsUxytP8AyQAEd09lBM8
+n+ZuLSOegJc8lH4NJ/1VLtaADpynEdoRwLp2/5u8U0b8B88zxPZOckVy8CypAlDK
+GhqmBjCtqL/wF7uRC4yEkYXDa6bK/Rnawpt98zU0SRv3QVdDexMvYL0XMOBVaq+Z
+6E16UwNXcn2l3siaZ1486xc=
+-----END PRIVATE KEY-----
diff --git a/tests/security-resources/other-server-keystore.jceks
b/tests/security-resources/other-server-keystore.jceks
index f397037db6..a3248cc226 100644
Binary files a/tests/security-resources/other-server-keystore.jceks and
b/tests/security-resources/other-server-keystore.jceks differ
diff --git a/tests/security-resources/other-server-keystore.jks
b/tests/security-resources/other-server-keystore.jks
index 3b38450c83..9b7d2e6c78 100644
Binary files a/tests/security-resources/other-server-keystore.jks and
b/tests/security-resources/other-server-keystore.jks differ
diff --git a/tests/security-resources/other-server-keystore.p12
b/tests/security-resources/other-server-keystore.p12
index 1c832bff8b..de223cb32f 100644
Binary files a/tests/security-resources/other-server-keystore.p12 and
b/tests/security-resources/other-server-keystore.p12 differ
diff --git a/tests/security-resources/other-server-keystore.pemcfg
b/tests/security-resources/other-server-keystore.pemcfg
new file mode 100644
index 0000000000..6fab6a0e0f
--- /dev/null
+++ b/tests/security-resources/other-server-keystore.pemcfg
@@ -0,0 +1,2 @@
+source.key=classpath:other-server-key.pem
+source.cert=classpath:other-server-cert.pem
diff --git a/tests/security-resources/other-server-truststore.jceks
b/tests/security-resources/other-server-truststore.jceks
index a7a3f6f5f8..56d89057d1 100644
Binary files a/tests/security-resources/other-server-truststore.jceks and
b/tests/security-resources/other-server-truststore.jceks differ
diff --git a/tests/security-resources/other-server-truststore.jks
b/tests/security-resources/other-server-truststore.jks
index afffac5926..9598d6f62d 100644
Binary files a/tests/security-resources/other-server-truststore.jks and
b/tests/security-resources/other-server-truststore.jks differ
diff --git a/tests/security-resources/other-server-truststore.p12
b/tests/security-resources/other-server-truststore.p12
index e8e8a68644..5774c7978d 100644
Binary files a/tests/security-resources/other-server-truststore.p12 and
b/tests/security-resources/other-server-truststore.p12 differ
diff --git a/tests/security-resources/server-ca-cert.pem
b/tests/security-resources/server-ca-cert.pem
index 65c3c41fb0..54027eb206 100644
--- a/tests/security-resources/server-ca-cert.pem
+++ b/tests/security-resources/server-ca-cert.pem
@@ -1,21 +1,21 @@
-----BEGIN CERTIFICATE-----
-MIIDcDCCAligAwIBAgIEP2f++jANBgkqhkiG9w0BAQsFADBfMREwDwYDVQQKEwhB
-Y3RpdmVNUTEQMA4GA1UECxMHQXJ0ZW1pczE4MDYGA1UEAxMvQWN0aXZlTVEgQXJ0
-ZW1pcyBTZXJ2ZXIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMjMxMjA3MTY0
-ODQyWhgPMzAyMzA0MDkxNjQ4NDJaMF8xETAPBgNVBAoTCEFjdGl2ZU1RMRAwDgYD
-VQQLEwdBcnRlbWlzMTgwNgYDVQQDEy9BY3RpdmVNUSBBcnRlbWlzIFNlcnZlciBD
-ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
-AQoCggEBAKEtuezvOgOTJTPmB23v8KLePxxxVEX3lykW2FXNd2hL2Xth00gSnLfa
-T0ijqKf1F5zCwognSP+IsvFpLnsJ3URs7am2kAKY7JwgnI38mBdLB6HFC5T/A/jA
-/3eN5ZQLqMzx/M7UUt7jEUqWIKBkCeE/rsrcb7rktZxF7bSF2OHwv5IEd9a/QgJD
-8f3Z1bAAzc9K4zG9BwoxEAdh24ablmnjJuKRfUeTuUQBVmbS1TfpLnn5felTUUM4
-EDThWExNnSvhHhi5AuUb+ZTPqcmZaG13v6UeeiAixEosu9gVLBiv/E2CSheVzuUb
-kEZmCr+sUesgVmerr3alLQ/eZqSq0GMCAwEAAaMyMDAwHQYDVR0OBBYEFDCEoV10
-BTs8Wpgf7t/dA/Y+tCUVMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQAD
-ggEBAERApyTlBRh5nw5QvJmOTByA+GOyC+cSQB2bbw+vkJPlFoiu5fX9NBW2DyTz
-+ZQsIYDztUVL8JdQ8G7m/ycg9Chd1nCkhTfSgYEHlQMAJGeXYVucqg/PSxTZetMf
-SkVnF2UEGUl7+cgSbzNbgegEQ5w9JKUeFZlOrnFuXDeg8FkvCvZ6skxkPO+scVVU
-pdHRoh42UzsDhPA8qnpu+qZEsFmnTtIg3RL63gakuCoymxbvN3DI14YLC/5PWpA6
-1597tbUwE650/kYkwKqs+v1mkJaXrSmbMZ4nJ9OfV3AWu7a76mIKhfiWYBEP34Fa
-RVpSDPO8UvxXGPINOuv1TmTl4WA=
+MIIDdTCCAl2gAwIBAgIJAJYwDleGKNA2MA0GCSqGSIb3DQEBCwUAMF8xETAPBgNV
+BAoTCEFjdGl2ZU1RMRAwDgYDVQQLEwdBcnRlbWlzMTgwNgYDVQQDEy9BY3RpdmVN
+USBBcnRlbWlzIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0yNDAz
+MjIxMTUxMTlaGA8zMDIzMDcyNDExNTExOVowXzERMA8GA1UEChMIQWN0aXZlTVEx
+EDAOBgNVBAsTB0FydGVtaXMxODA2BgNVBAMTL0FjdGl2ZU1RIEFydGVtaXMgU2Vy
+dmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEA6c3CBzuy7/p9EH1OFx2O+bpBsaZLk3dWi9VaGgRhRMqPV/rR
+5hOfZ1oECDkP2RhX/rEgaATS3simYXEApuLcEvoFUFZQzomb2dtSZUJnkhaQzYaL
+zHaXZxggc9L8bhDqa4eKAatEEkvvT/u+DDq7l/88ATUwDdzwTg7YbcYbAe10rPEQ
+vf0pQzuIFHWqMdYkQAjgBPF+gUgWL/DXRmqowtrwy8m5MbiRdRVuQV85nzF8RiV9
+cU0VNW4YMIcRFOsvKGb1muF8BDeXhrbiYLWddESrPtlQAaEqMv3VeU87AApNtwfC
+wKHgtwoUa1pjr0hizocKHAJbtvoEyzI+v/tZywIDAQABozIwMDAdBgNVHQ4EFgQU
+fI39SB/hKrHFXIQqijOWKIOk6FgwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B
+AQsFAAOCAQEAgnOTubyCsTUdA0lrInKKBHaXCZLhPhDqbQz6N21Oakh7oG7i8VDi
+uzjMsbtKDUCgl65CBQ/YQNrvFRco9I+7/z3fgLmgPnmHX4lqkuKgmmEExNIiQgZs
+nRg6eiuWS+5TD6d4FNoUwEcf5N1m5coiDBRh/8Qp53FyZb5gW9xjPoAP0/NmCQO8
+rXglv6sSPe53Aba1M/uxu8ZHGz4JvBEcSHQeMgBHyp8UsbY/u/k0Zxa3u2grOTia
+zostUkgSZDfl356UFcpkzsJklAYUzEAzzAd4FksSo+zLKglPk0O1rdqyQAEgasSe
+SZp2cdAB9sxCFwbWXoR4OL85AToghSNvRw==
-----END CERTIFICATE-----
diff --git a/tests/security-resources/server-ca-keystore.p12
b/tests/security-resources/server-ca-keystore.p12
index 7c60abd3a8..1b8df3a60e 100644
Binary files a/tests/security-resources/server-ca-keystore.p12 and
b/tests/security-resources/server-ca-keystore.p12 differ
diff --git a/tests/security-resources/server-ca-truststore.jceks
b/tests/security-resources/server-ca-truststore.jceks
index 3405b6b6ac..dde313b4ec 100644
Binary files a/tests/security-resources/server-ca-truststore.jceks and
b/tests/security-resources/server-ca-truststore.jceks differ
diff --git a/tests/security-resources/server-ca-truststore.jks
b/tests/security-resources/server-ca-truststore.jks
index a0fcd1e126..7d7849b94d 100644
Binary files a/tests/security-resources/server-ca-truststore.jks and
b/tests/security-resources/server-ca-truststore.jks differ
diff --git a/tests/security-resources/server-ca-truststore.p12
b/tests/security-resources/server-ca-truststore.p12
index 3fbfa40e11..f9241482c9 100644
Binary files a/tests/security-resources/server-ca-truststore.p12 and
b/tests/security-resources/server-ca-truststore.p12 differ
diff --git a/tests/security-resources/server-ca.pem
b/tests/security-resources/server-ca.pem
index bb00345773..49b31faf89 100644
--- a/tests/security-resources/server-ca.pem
+++ b/tests/security-resources/server-ca.pem
@@ -1,32 +1,32 @@
Bag Attributes
friendlyName: server-ca
- localKeyID: 54 69 6D 65 20 31 37 30 31 39 36 37 37 32 32 32 38 33
+ localKeyID: 54 69 6D 65 20 31 37 31 31 31 30 38 32 37 39 32 33 38
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
-MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQChLbns7zoDkyUz
-5gdt7/Ci3j8ccVRF95cpFthVzXdoS9l7YdNIEpy32k9Io6in9RecwsKIJ0j/iLLx
-aS57Cd1EbO2ptpACmOycIJyN/JgXSwehxQuU/wP4wP93jeWUC6jM8fzO1FLe4xFK
-liCgZAnhP67K3G+65LWcRe20hdjh8L+SBHfWv0ICQ/H92dWwAM3PSuMxvQcKMRAH
-YduGm5Zp4ybikX1Hk7lEAVZm0tU36S55+X3pU1FDOBA04VhMTZ0r4R4YuQLlG/mU
-z6nJmWhtd7+lHnogIsRKLLvYFSwYr/xNgkoXlc7lG5BGZgq/rFHrIFZnq692pS0P
-3makqtBjAgMBAAECggEAc2t+UCiD39l4c7DPMy/2n3sNsL2LPsttiPQeGVuYnaxr
-YkqMdXk2lwYTbo4cEaKWtSBXFA8l3C+1DOFocp1+wShMDRN6DxIZpjhIQ/lVpKCL
-J5ImmB0CaBk1GBUaCSlMSO8lPauYaJosYMAfPxxEYvQqpIS00h5D21PMRFDxHeIV
-gErw03eEQZUecxv2ek44kq+d1UFacYmcWr0nTPQyostZNbE66eEg5xVoeUVR8L34
-YkstuypEuBSAB/wn1jJpQL8oEjbFu3f6mlf2K5QGqJKqmniP8o6FUD94x9t6tExl
-K/rbI+4ELZLXkkAVYI7dONpqduL+jHUY5ECsHE0uyQKBgQDuJWjCFk3MTk8tjePa
-UtJpf2yXNbzTcXVRpjzV/ugD8gon2Xc7LBBpwXsVPPjsBFvk9sJ+9oQL+veCig/o
-U9Ry8ucaQtlxtLJVfUMkXltpwdPV+4A2MyukdFooGzsd5jIMlBIP0ggxDT4r97dz
-lZ8axPhHnm6UTl0fMCtH/ZJvRwKBgQCtQyCdrWo5BeV2AFTMvX48EoLz/OvwRLZo
-0ZqSm3/tnNvQ/FuTjBsGzpF+bwkoz0Vi889hqvmk752bQ3LFH7KRp+t+yPUIOm9K
-slqAzoCc+hWQGWRYA9yyTF+Ogpv6ATUGV+wnqp6Ccid5D/sTEod1hV3n7gYCk1LB
-MCe4THY8BQKBgAStOWRuWbLEauujGLFl5PnrZa+Gf6HLXZlv4Uv2iInjS+3CaIQB
-9oSNJySgoObJoyBY9DLYFnnBwPCQU4Wld8uWF5G9dFW2TbY+En55V+Q4yTcvjDIE
-STweiNK2zi9lIOB8W+pxnnWQJANrBvA/JPO6oIGPi+5fp5aANKliQmjrAoGBAISC
-VE2DNTwLQGSw+CnluseiuLh1dNS7GG6t73O0rXBCiPMaLcd4XaslDK0PqoeljcGS
-Ccb+hhMYlwcJ3JraFS3EqRy8AHqchkUwhnsAc+iacydT5CRUP9O1CVfql/PqPG1v
-jNMBcFz/hSTXjgQWJbdBmoIozjvmBGJvu9D92WcpAoGBAKCdf/OvxUUW8V10ahIZ
-FmUdJNFrJZZvu5Zdy7jianasoXp5VAKK+T3E6DkXMcrEKTSmyZIaDNxIqFgvWotf
-X7NtR7z6+dIfJfRFG07MhzZLozwXdAgpeyux2uef9SJYMxpgSu8Z6C/1YiBouafP
-pYG5aE/ywMdqRttjTwS95j/C
+MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDpzcIHO7Lv+n0Q
+fU4XHY75ukGxpkuTd1aL1VoaBGFEyo9X+tHmE59nWgQIOQ/ZGFf+sSBoBNLeyKZh
+cQCm4twS+gVQVlDOiZvZ21JlQmeSFpDNhovMdpdnGCBz0vxuEOprh4oBq0QSS+9P
++74MOruX/zwBNTAN3PBODthtxhsB7XSs8RC9/SlDO4gUdaox1iRACOAE8X6BSBYv
+8NdGaqjC2vDLybkxuJF1FW5BXzmfMXxGJX1xTRU1bhgwhxEU6y8oZvWa4XwEN5eG
+tuJgtZ10RKs+2VABoSoy/dV5TzsACk23B8LAoeC3ChRrWmOvSGLOhwocAlu2+gTL
+Mj6/+1nLAgMBAAECggEACscGU6kH1ZIZY8Iy8FPXfGF+l77PqwuMPMPn9F0RUsd3
+lhmkxVNQPMZkezCOL3a0z7PAh6r5QXXEXaeE3SyF8oX96rcf4HVtbrxybuKBvbU2
+lZLHLPSmhAUTseMe6b/z3mMQFIWdjK5daLV1DEFE1nvYe0HFZk4x8ZczmNPR+OOv
+tu9beDHTTKQR8a4WzVRV7zz4Z/B749pXdPYs+Hy9JxK49/LOmomIE/i+gr/dAkch
+sGF1hFTPf4oSylmQk8J7Il/gV0+/fBJkWvnWx6J1IDI7WqvoPicNSwPaEfTfsCRT
+ew7TG7vt+vur2R6pD9KUIudYzUzGRL31bycqFGTWqQKBgQD5gAsH5EwJW8+PSWf3
+AvX0Bk/QI/q7NA4kyI2zNHXRG2dynnItAYCWtnpgqsbTSvQeulWxrhf8JoN1m+08
+l2S01IYTx6IdjYaL9wMhvZVbeJkZeuOPNmDVwourO+8U4OD/55ss33Q72P1Rl7Tv
+W/FfNns7WsWHsD/jPInQl80obQKBgQDv5QhnoLi1ma8JVrPVowr1tMYOszar4oTT
+uBdN4Cdgx5QHkZvNJ6YBOhZPIqObHDbtj5zKglp7lNegFk7XWBCysS0sIFqAzHWF
+eKLo7vLFyIqkwWVHRYGgcgsy0JLwOcS/1oQ2wPlMfaUjXQ0+5fiIQZH56uGD0X2y
+SLJTPzyYFwKBgFPfTlX90e3HdlPVumRYE3RP9t6iabQqwKJu5OucNAryamkmiH1G
+pwKDH0qFvkbjSINX4lzTiG6UR9bububSgeEkHFpj3sSOge9lPyFFiQLx3I2rOPo4
+rn7NYoRSpoFfQ2PjaM/B4mIIBMg79nAMeWyndO+0CPkfL6rk+/MqRKZVAoGBANPK
+LVBnyYqyQqEJBb2vsuZXkZ+6wqKfWksctJ5RLhK4QE0qVRWbUmi04qs81poDH889
+wdvbl4yRTIiOCU7+9cb8uvfBHIWnfH24koL5KiZJNXXdM8/nYljHNnHHSGKDbds7
+xQAeADpyls+QwDfuiiupT/oHTs+0rLcwjRcHtjRDAoGBALADaNAULIqFLR94VTrK
+D86aEVXX03RW7JnvwGFLV3z6rGB5LthB7u+7Qw/ywQ2sy2bEErf56HS5X87b2rJy
+6Px3+GxkobfNJsvKrSKz27NoeVTUtntXqd9tYecNEq2LrpDhV3Yrim32sABTSLNH
+jYmA2F+wbHfpeiGJu5XTNzgl
-----END PRIVATE KEY-----
diff --git a/tests/security-resources/server-cert.pem
b/tests/security-resources/server-cert.pem
index 240dc5c524..5beb564c7e 100644
--- a/tests/security-resources/server-cert.pem
+++ b/tests/security-resources/server-cert.pem
@@ -1,28 +1,29 @@
Bag Attributes
friendlyName: server
- localKeyID: 54 69 6D 65 20 31 37 30 31 39 36 37 37 32 35 32 38 31
+ localKeyID: 54 69 6D 65 20 31 37 31 31 31 30 38 32 38 32 34 33 31
subject=C = AMQ, ST = AMQ, L = AMQ, O = ActiveMQ, OU = Artemis, CN = ActiveMQ
Artemis Server
issuer=O = ActiveMQ, OU = Artemis, CN = ActiveMQ Artemis Server Certification
Authority
-----BEGIN CERTIFICATE-----
-MIID6DCCAtCgAwIBAgIEQjyGpTANBgkqhkiG9w0BAQsFADBfMREwDwYDVQQKEwhB
-Y3RpdmVNUTEQMA4GA1UECxMHQXJ0ZW1pczE4MDYGA1UEAxMvQWN0aXZlTVEgQXJ0
-ZW1pcyBTZXJ2ZXIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwIBcNMjMxMjA3MTY0
-ODQ0WhgPMjEyMzExMTMxNjQ4NDRaMHExDDAKBgNVBAYTA0FNUTEMMAoGA1UECBMD
-QU1RMQwwCgYDVQQHEwNBTVExETAPBgNVBAoTCEFjdGl2ZU1RMRAwDgYDVQQLEwdB
-cnRlbWlzMSAwHgYDVQQDExdBY3RpdmVNUSBBcnRlbWlzIFNlcnZlcjCCASIwDQYJ
-KoZIhvcNAQEBBQADggEPADCCAQoCggEBAKSO+QRx5W1uY/azvD3nFyVCygTDHZXG
-DKa4g8Fkrf9ltn4pe6peuu3Jdq+7NRq/mmy5RJKu3wfQIEHj4r+bfudT2FwUoUPt
-GD3wa3gJR2k30cPLASqW5I65i32BzyTkdo75APfC/1CwtnYgwYdG8mktF0/G0m2p
-fK4BG8BoMTAcZ/pWrjcyOAk940Q7oC+dl96Dkpd1I6vTwUfyup1RMvTQkpa8Lc0K
-lplKybKEYPQJCzPaLuoXTk11XgCzGTHAyHJuXWmXtsrAZnDA5stoGCQW89p+kxrc
-3TzaiuKcQEpATK7BMNocFrJ1+LEGUFfK9x8DW9a4zoMLTUUew7KhaSsCAwEAAaOB
-lzCBlDAdBgNVHQ4EFgQUtag+cMyaaX/xPcjSSPqs9agB/9IwRwYDVR0RBEAwPoIJ
-bG9jYWxob3N0ghVsb2NhbGhvc3QubG9jYWxkb21haW6CFGFydGVtaXMubG9jYWx0
-ZXN0Lm1lhwR/AAABMAkGA1UdEwQCMAAwHwYDVR0jBBgwFoAUMIShXXQFOzxamB/u
-390D9j60JRUwDQYJKoZIhvcNAQELBQADggEBAD3CHSQkBdh16Cfrc984m+7czhwF
-ZMupsCz+EGgvM/PIYSZLHbsNKjKOKuTiHXwcPFuT2U9mhU6f1XKw9cHIKCYjfRut
-xgq4q0Vhu6ARLmFdCLQUFx4G8WwBRW+Mi3UuYuK5GPA8ZRbg8wPjfLkmF9Yr/c/g
-+FUNUW9MuAqWPnnXo+gOR60F5DBNdiaOMR9U060jjiMMyDD6a/HB53efDVAsbNGM
-wZNScmqbv5trh9BLIj+VSprPvOH3ScvxFtBu8Pt9gho+2RhEd5Ry7h5hzpI8rO2F
-1x9vPmkvyg8Wlz5R1Wy/myIsKxHWY6eihMGxvipfn6vbuWzq3oJhuYohJBs=
+MIIEGzCCAwOgAwIBAgIJAMPESNFBct/0MA0GCSqGSIb3DQEBCwUAMF8xETAPBgNV
+BAoTCEFjdGl2ZU1RMRAwDgYDVQQLEwdBcnRlbWlzMTgwNgYDVQQDEy9BY3RpdmVN
+USBBcnRlbWlzIFNlcnZlciBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAgFw0yNDAz
+MjIxMTUxMjFaGA8yMTI0MDIyNzExNTEyMVowcTEMMAoGA1UEBhMDQU1RMQwwCgYD
+VQQIEwNBTVExDDAKBgNVBAcTA0FNUTERMA8GA1UEChMIQWN0aXZlTVExEDAOBgNV
+BAsTB0FydGVtaXMxIDAeBgNVBAMTF0FjdGl2ZU1RIEFydGVtaXMgU2VydmVyMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlTbxTDdSdRIrWcO0v2BYBQbN
+doEiAM8S0+PyJemqlYqpp43OSdzvoWkwa0lWforogCNljohJYUwQ/omSaDdP0Y16
+SMylgDpw8qm7j1z7uLPbbXKdzRIVSPmOvQPMZDl3FE9QOaUlcJU+6NShIQll/ken
+t8+EvHVPz96YduTxY+UROJ9Z0eiwHGmDIHm/2fEiqWXsbhq81DWhvOkzdtYnVST8
+BfZkx2DGiLph94KV8snQJGWnTzicVO9QQWJVQcF6aQOXguxRIW8b53UdcM0d9mQ7
+LjbEl66Pz+wPo7GiBhGRHQ9Gpk+L2fE0iy0Ws1Xr9JNIPpkQyxgFPPbqzPBxMwID
+AQABo4HFMIHCMB0GA1UdDgQWBBSrmXLlIK7Xh0xn+dfw4I0q+1nTczBgBgNVHREE
+WTBXghdzZXJ2ZXIuYXJ0ZW1pcy5hY3RpdmVtcYIJbG9jYWxob3N0ghVsb2NhbGhv
+c3QubG9jYWxkb21haW6CFGFydGVtaXMubG9jYWx0ZXN0Lm1lhwR/AAABMAkGA1Ud
+EwQCMAAwHwYDVR0jBBgwFoAUfI39SB/hKrHFXIQqijOWKIOk6FgwEwYDVR0lBAww
+CgYIKwYBBQUHAwEwDQYJKoZIhvcNAQELBQADggEBALseu8YBowlLbNfhxVTpdeSt
+AJy4geCC53uLe9Pft3UydLDCFaMtciSUuieb25R+vMipRyGUX+2ovTsI3nGIhWV9
+F8jWCTXM9SGe8tUy6+GPkmBRI0Y0eakihDl9FH+JvQJO794cK4mXZFOqVuFadfye
+eTT1Bmj0225HrAEV/d6lNcEOxLZkqXy5VYyptejCsV9Ba2S62227KJVixrDuVa23
+bRhP7YHFRz1SjxSKEJJHDyU6jZL9/BDjcviom8QTfaGjjRFyHsR3KGetLKH/9tjS
+9g7XLPiRzz/qnqdesoXC1H4pBLViFbxL+FvkDnD1KDEybYmLm4A+A57wEAv0tRw=
-----END CERTIFICATE-----
diff --git a/tests/security-resources/server-key.pem
b/tests/security-resources/server-key.pem
index 17f801be5e..2370041c27 100644
--- a/tests/security-resources/server-key.pem
+++ b/tests/security-resources/server-key.pem
@@ -1,32 +1,32 @@
Bag Attributes
friendlyName: server
- localKeyID: 54 69 6D 65 20 31 37 30 31 39 36 37 37 32 35 32 38 31
+ localKeyID: 54 69 6D 65 20 31 37 31 31 31 30 38 32 38 32 34 33 31
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
-MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCkjvkEceVtbmP2
-s7w95xclQsoEwx2VxgymuIPBZK3/ZbZ+KXuqXrrtyXavuzUav5psuUSSrt8H0CBB
-4+K/m37nU9hcFKFD7Rg98Gt4CUdpN9HDywEqluSOuYt9gc8k5HaO+QD3wv9QsLZ2
-IMGHRvJpLRdPxtJtqXyuARvAaDEwHGf6Vq43MjgJPeNEO6AvnZfeg5KXdSOr08FH
-8rqdUTL00JKWvC3NCpaZSsmyhGD0CQsz2i7qF05NdV4AsxkxwMhybl1pl7bKwGZw
-wObLaBgkFvPafpMa3N082orinEBKQEyuwTDaHBaydfixBlBXyvcfA1vWuM6DC01F
-HsOyoWkrAgMBAAECggEAHVKUsOQSu8M18NnqKyWojC0wjlSuSuf1jSfH4ogsMRxQ
-vn5p2Nv0dza0/W9gcRm/TKxeubyLZXsCpHsVBouQu2vHW/EZI192OGNE4yjUHr2h
-lT/xP0OQCpapcn3VCX/kWGmqcHvAvwIeIUKI+a/8th0g0EhfascOvnrYFRr72NSN
-I33OaYITuoCIHGytZb1OZeIUi2d9IUfy5nWoh2kqm5jbWY11rpzgTFhSu0zG3CI/
-fKGGX9pNnsiWf2Bmcqa8lru94e2HhNDVWlD8gukzb7jX9TcS/aEJWYRbAlWGiOt8
-XOalszJja/NVvPdvdXiV7MvIU3A2tdkzLlVPxjsWsQKBgQDrg1tqRMchd8jsBRSg
-88je/uDEtu3PNOPHKzh7dfPAFcrF4WCijdboeC35GLTiuw77hmOk0yWbZG0SvH7s
-vRcdC6t057251RqJbqVJPn3wz3H0q+aEwjnSvhH2b4aGwyXyQqbb4siq+ZEpStQY
-JX9pBHYFbi40bg29YNyUq6Qv5wKBgQCy34bR+EhWWOTAmOHFykMHSGkY52lJIt3S
-bNxKh5BDMmyMEx7LTNMpWHkJhHg94n5ulCS0wzuWCaWpqVSIon8oipLuK5TFnzmy
-2YupCiMN7NyYzplHdVqAxZi8Sa9rbvHm1+QVtDM58+8Thlnum5r33exons6v3uPY
-8cuV7+ikHQKBgQDVtfcoMY05c4chlWKow0+N+19fYlfd5TKkszWn4trzfVLpyaB1
-IZzYiuW82oyaCgCIgeS91tSTc8f+booGrXfh5YsKpJfnn9daysq18j06XiQcUDj4
-U39BGzUVmRJMC53NfmoHsn1BmQH+pGZeGvjJBUFLoDXRYeSZ6uF/D1oIFQKBgBkJ
-SmCXROC5HoOKoodBsTISw4sV0NnIxI2QaSERanLNWv4cKwI/pYqy9HYNkZrv2cx2
-ddDLRsrQXNyrc8aQIAY3pyso9HDYwYW0B2VIovFvBs1olXG4DkvZ3G/2TFRYOgma
-jDUxfL4O05bDBlFsfDtXV6CpIbriErgp19oLs19NAoGARVSkf/gSzEY4wBHceIf2
-AXUokS0j7u2grSlDYjrf4CPyUsG5jJ8r/vyib0VIHD/PNyl9xcupU8L/ahpDRy3m
-iB8g2ptqffdnsLVVGnCdfbla8+gid+0a21lQf5Ioys9VVkK9gepDqh7RwQ41Cu/8
-OJOFKUcKv/il2LZwTrqnB9Q=
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCVNvFMN1J1EitZ
+w7S/YFgFBs12gSIAzxLT4/Il6aqViqmnjc5J3O+haTBrSVZ+iuiAI2WOiElhTBD+
+iZJoN0/RjXpIzKWAOnDyqbuPXPu4s9ttcp3NEhVI+Y69A8xkOXcUT1A5pSVwlT7o
+1KEhCWX+R6e3z4S8dU/P3ph25PFj5RE4n1nR6LAcaYMgeb/Z8SKpZexuGrzUNaG8
+6TN21idVJPwF9mTHYMaIumH3gpXyydAkZadPOJxU71BBYlVBwXppA5eC7FEhbxvn
+dR1wzR32ZDsuNsSXro/P7A+jsaIGEZEdD0amT4vZ8TSLLRazVev0k0g+mRDLGAU8
+9urM8HEzAgMBAAECggEABHWIX301vx7kYcHZ+HAiIUBTSovQXtLRXrisp1pkySRE
+LqgrtoReOuYgVsxxw8VV7mJgahKDkt9JkLm+wNOKVJpUQbGv7nWQo4fT/ZRLR3lE
+gPBQa+zy6uPeUqK27HXVK6u1G4vmYwdqwl18VTbpL+CnT/RpJJKi6HTf/ImZ9yC5
+JH4F8WJaMDaEuoZjG5NK7j+elxYCaWirf+qimX6vqOSpttH2+hYuMkJpL04ypddU
+y+SerLAKJHSDquTwiG0vQugP90FDMELBrO6dpFhfA2jR9+yVglPBY5N6VwUZqUca
+cZgjEwbTjQlNVxlvgvv2QTOfb+vNrK9z4qiShUJMdQKBgQC/r01GNTArsbvgW3lq
+H65gCGI/hy4WSLDZH+NFaX/gfsrbQ8FScQ1lHd9HVWMZcRGPYWmR4GqQgI3SfCsH
+joXQElqj7YHucrfJ9q4dyvITjdIYPcrRB6l5ZZBWxLrXtGEg8ynP+a7WbDx5YEvW
+FKk5tf/3AC1ZJBFRHqW94F2YnQKBgQDHR65u7UQsgRGB9IAF/3xnUjA0Ok5K/eGZ
+8BK80mntvxvDoNowEUn/ZBw0v1o/ZMULd5Mc6JnIlC48bRoZTVB9S9V5yJ/8Irr9
+BKxCHsNE/wrdf72nwtUWgLo89LxF26/SLArj/ma6SGgmXUx8wgkk25Ow/B5CA0rc
+XP/In96ADwKBgHJX6iq1U7Tc4wvkxTqPB3/1wFXRF6bnWcdLhFFFq6iJOg0uD8ZT
+9f+ZoDV3NBRbJHR5UXZZfngQl4k11J0/YYdLS5J5/YX2HLh3VEolY95SPT+ErNWg
+UnI+Kan41NQTn9T9+LU9ZhQ2oKRu0w4zaPcqIDSBgIuqPkI7m/b2Ph7pAoGAIXjo
+07kGunLzfeCToG5JdxFXB27Dt9TtD+5DN3QgVs7C2xkpjOlahItMMY/ymLNUZZiw
+HSr0qbw6B+xLdfSGkIUsVkhclv0+a0Fdrb19DxnHuWy7bnJLWHxGy/ZPqWw9HBBJ
+xAH3P1LqK4eAUXRGFOrM4+11J6Fl8Z2tWQWBWgECgYEAoeW1KURlRQZAiNs0zfsZ
+R/8+t1bo0igvt+wVewfam91GRX9hj2eNYyYHbXJe94Py0/ny+jJniNMCVpJ+mlY9
+kx9d9fd9zLBu0M7G5f6MLRgUzgxFytIc5X42KatoOepKYVycrjHw5BtulakhQmVn
+B17jc9DMyEmdIBNvLXegSfQ=
-----END PRIVATE KEY-----
diff --git a/tests/security-resources/server-keystore.jceks
b/tests/security-resources/server-keystore.jceks
index 390887814e..4950ede5a8 100644
Binary files a/tests/security-resources/server-keystore.jceks and
b/tests/security-resources/server-keystore.jceks differ
diff --git a/tests/security-resources/server-keystore.jks
b/tests/security-resources/server-keystore.jks
index d4db133c0b..f67334a278 100644
Binary files a/tests/security-resources/server-keystore.jks and
b/tests/security-resources/server-keystore.jks differ
diff --git a/tests/security-resources/server-keystore.p12
b/tests/security-resources/server-keystore.p12
index 88ec78e540..677631e33d 100644
Binary files a/tests/security-resources/server-keystore.p12 and
b/tests/security-resources/server-keystore.p12 differ
diff --git a/tests/security-resources/server-pem-props-config.txt
b/tests/security-resources/server-keystore.pemcfg
similarity index 100%
rename from tests/security-resources/server-pem-props-config.txt
rename to tests/security-resources/server-keystore.pemcfg
diff --git a/tests/security-resources/unknown-client-keystore.jceks
b/tests/security-resources/unknown-client-keystore.jceks
index 8decec0f64..21a8dd91be 100644
Binary files a/tests/security-resources/unknown-client-keystore.jceks and
b/tests/security-resources/unknown-client-keystore.jceks differ
diff --git a/tests/security-resources/unknown-client-keystore.jks
b/tests/security-resources/unknown-client-keystore.jks
index da7ddb73ad..0271247509 100644
Binary files a/tests/security-resources/unknown-client-keystore.jks and
b/tests/security-resources/unknown-client-keystore.jks differ
diff --git a/tests/security-resources/unknown-client-keystore.p12
b/tests/security-resources/unknown-client-keystore.p12
index 1f85b64dc9..d4e2d7ea8e 100644
Binary files a/tests/security-resources/unknown-client-keystore.p12 and
b/tests/security-resources/unknown-client-keystore.p12 differ
diff --git a/tests/security-resources/unknown-server-cert.pem
b/tests/security-resources/unknown-server-cert.pem
new file mode 100644
index 0000000000..baf3c288c7
--- /dev/null
+++ b/tests/security-resources/unknown-server-cert.pem
@@ -0,0 +1,28 @@
+Bag Attributes
+ friendlyName: unknown-server
+ localKeyID: 54 69 6D 65 20 31 37 31 31 31 30 38 32 38 38 31 39 33
+subject=C = AMQ, ST = AMQ, L = AMQ, O = ActiveMQ, OU = Artemis, CN = ActiveMQ
Artemis Unknown Server
+issuer=O = ActiveMQ, OU = Artemis, CN = ActiveMQ Artemis Server Certification
Authority
+-----BEGIN CERTIFICATE-----
+MIID7DCCAtSgAwIBAgIIeFmpOanwEvYwDQYJKoZIhvcNAQELBQAwXzERMA8GA1UE
+ChMIQWN0aXZlTVExEDAOBgNVBAsTB0FydGVtaXMxODA2BgNVBAMTL0FjdGl2ZU1R
+IEFydGVtaXMgU2VydmVyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MCAXDTI0MDMy
+MjExNTEyN1oYDzIxMjQwMjI3MTE1MTI3WjB5MQwwCgYDVQQGEwNBTVExDDAKBgNV
+BAgTA0FNUTEMMAoGA1UEBxMDQU1RMREwDwYDVQQKEwhBY3RpdmVNUTEQMA4GA1UE
+CxMHQXJ0ZW1pczEoMCYGA1UEAxMfQWN0aXZlTVEgQXJ0ZW1pcyBVbmtub3duIFNl
+cnZlcjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALqXcCJgZMxVl8Gl
++XV8plYpVJ8FjGYfo6VfZoE9eDR7gl+w9TzeypyPL8uv2FF9jTpDpHQe/9NOd2hW
+qKGo3ZxjU/qTrCE/IcUxUkAa9raS59ZUg2qiqExQ5b981d8JUFnp+EYDqeQbbU4W
+uOlRgH+TORHlLMh+D2stvJDpa+XDUR/QjnHktNzrW5LLQ/kjiFqnsyurxN4HaCqL
+53kenZewlOpHOt513XuWEe6jdKD1zS4LYwI8keGqhF1p5qB/03vycdODLz0bcUPD
+tvLM0ZZrOJ0PlskNN+JCdA/10a+XMzWFti+N4B2rUbmk5k+IXC9C+B4C+xr63Pv5
+AoLXxjcCAwEAAaOBjzCBjDAdBgNVHQ4EFgQUxSGWcqxYAQASz4Mb/qvj7df0VSQw
+KgYDVR0RBCMwIYIfdW5rbm93bi1zZXJ2ZXIuYXJ0ZW1pcy5hY3RpdmVtcTAJBgNV
+HRMEAjAAMB8GA1UdIwQYMBaAFHyN/Ugf4SqxxVyEKoozliiDpOhYMBMGA1UdJQQM
+MAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEBCwUAA4IBAQBgMnAetG3I+hYLtf7HFZgz
+P3UaIa3iVz97eWsqC9PVdpPUiOFd28NmGsN2otgrPsM8DMEQ34jTDCs8ADzPu/dl
+LTz3iBoypbNropHWxX9g/p9evs2KTME8KrkTICyfKy6aQYrYeEmYrPWCZy24uPSq
+6LN9vrBEa8JZid6oRUiowTMvjUe/a1RPcexw7KMlqooe9cwgn6Pl1LaWbQ+iCNfw
+uTs0Dzu0YUjQDG8wsPl+ZLC/y8CkntzlEt+gz1l7QNi166X0J5sbsNCtDM2L+L+P
+43RhW8txIDXo5A0ooxScYbAiHyfwL1VvtH55GbPi4JEplg89Y+K2sAwSENNq8RVO
+-----END CERTIFICATE-----
diff --git a/tests/security-resources/unknown-server-key.pem
b/tests/security-resources/unknown-server-key.pem
new file mode 100644
index 0000000000..938a7a1e54
--- /dev/null
+++ b/tests/security-resources/unknown-server-key.pem
@@ -0,0 +1,32 @@
+Bag Attributes
+ friendlyName: unknown-server
+ localKeyID: 54 69 6D 65 20 31 37 31 31 31 30 38 32 38 38 31 39 33
+Key Attributes: <No Attributes>
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQC6l3AiYGTMVZfB
+pfl1fKZWKVSfBYxmH6OlX2aBPXg0e4JfsPU83sqcjy/Lr9hRfY06Q6R0Hv/TTndo
+VqihqN2cY1P6k6whPyHFMVJAGva2kufWVINqoqhMUOW/fNXfCVBZ6fhGA6nkG21O
+FrjpUYB/kzkR5SzIfg9rLbyQ6Wvlw1Ef0I5x5LTc61uSy0P5I4hap7Mrq8TeB2gq
+i+d5Hp2XsJTqRzredd17lhHuo3Sg9c0uC2MCPJHhqoRdaeagf9N78nHTgy89G3FD
+w7byzNGWazidD5bJDTfiQnQP9dGvlzM1hbYvjeAdq1G5pOZPiFwvQvgeAvsa+tz7
++QKC18Y3AgMBAAECggEAUG2gZyD3seAfFtiNC6hcJn2QPS9uEkMHDexuSb0OSEkI
+rGihfMhnu045AupcKtwceQXZKDiIezOyYqYf7/bS92sVMshehMIqs04MLxewSohO
+KGOrddaBBsxEC+MqaQYhvXANlVhU7b8owWUn9WItKlByZBVN1WoJCWDgi/IhkRp/
+G2+II+PFNV7f5TrHzEdqGV+joaxEKI9SXGfpkgrQZaj1UKwKzwr/uv/kIcNjVRxv
+mdlvwhrFWIE5bJmIhc6/tdAdj+IoYHgcy6xMcNRORJlp8JO2LzIFu14nWK4Zzlo+
+ayaP5xvSdlJxLNW3HVZqwEhdKlrQUH6nEfoMi5pLMQKBgQDD28FoCf2TS7/a2aUN
+/7WV988XWMN64GbfLUn4RmRkBSjiYO8X5NQbj9D4jUYf0CoJYqLCFyAO8KX7F+rq
+nutbla10F4KZWZjRyLmvtJYJynBEN2yfWFpcJtg5PKUQ3tP76UQNZIbeS3ETQj0L
+PEPCB4Tx5W4v0uOfKIj1Gew0KQKBgQDz4zkaZQD1K3RMMDZXZ41fEBCPH/JXMi8T
+hIAXuZtT4De5HnqRojpgkKb5l9Cl1jnyTK5+QBVdyJ89JBV2VaqRCHsryfFN3X0M
+GlgLWNmsgIowIGLKLM+0RX0b7LQwZSN8jqWWp0Uo+AlCCNHgLUWZJJsO2dE5aZzH
+KK0i6vJzXwKBgQCX9cj5j8bOodcZVgRZ+CxLTxm+Y4BHthQa1Giv2O3LLLWr7smT
+IFfxioP4VKQzyq7S2VSugoK9FLmzN7tsjiDNzjPl/te1Y27OVY68ZMCEmCzCwL3m
+ZAa3uOvKfOMVU83lhfbm7Tg3ARGaf6odLYTk5jCf/gKf2GAC/NBGWvaJAQKBgE0D
+iKmsEXRaB3xzkQVivsKxGPmJNgaQ40q/gY98Xe9Lk20SkdPhLZwGsaOJbCqiDmRU
+EJnvdI/L5XTyKxDWFml8CyEVwOw8r9sdioXyxbHyWTC/WVLMeb5MXyhtQ60wktcn
+WGTNZ0p7oLjIfjXTNfIZHBnBcI83qXk+gAXRuUPzAoGAc+ztGl8U8A+z8HxyMQfD
+N8I5+G/bwbaIyCxRJxDlRgjf8fs86TzUcj8e4IhRIw97+WlL/9waJl6iuo7EEnap
+aeTViOKjpfBvhpffurtde9/Ql92f0KDg2Lyt08t1NBzNxM9O3XC6rdDJGOZJQzPt
+6LEldRv0hMXPf1sHX2qrG3E=
+-----END PRIVATE KEY-----
diff --git a/tests/security-resources/unknown-server-keystore.jceks
b/tests/security-resources/unknown-server-keystore.jceks
index e3f219a73e..041d50f822 100644
Binary files a/tests/security-resources/unknown-server-keystore.jceks and
b/tests/security-resources/unknown-server-keystore.jceks differ
diff --git a/tests/security-resources/unknown-server-keystore.jks
b/tests/security-resources/unknown-server-keystore.jks
index 8540110c02..88a23305d2 100644
Binary files a/tests/security-resources/unknown-server-keystore.jks and
b/tests/security-resources/unknown-server-keystore.jks differ
diff --git a/tests/security-resources/unknown-server-keystore.p12
b/tests/security-resources/unknown-server-keystore.p12
index 050f2b1b3f..d5b8d543ed 100644
Binary files a/tests/security-resources/unknown-server-keystore.p12 and
b/tests/security-resources/unknown-server-keystore.p12 differ
diff --git a/tests/security-resources/unknown-server-keystore.pemcfg
b/tests/security-resources/unknown-server-keystore.pemcfg
new file mode 100644
index 0000000000..d8782dd6ed
--- /dev/null
+++ b/tests/security-resources/unknown-server-keystore.pemcfg
@@ -0,0 +1,2 @@
+source.key=classpath:unknown-server-key.pem
+source.cert=classpath:unknown-server-cert.pem
