[jira] Updated: (AMQNET-311) Stomp SSL: No certificates loaded from key-store

Mon, 24 Jan 2011 04:10:12 -0800 

     [ 
https://issues.apache.org/jira/browse/AMQNET-311?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Markus Jung | Ogitix updated AMQNET-311:
----------------------------------------

    Attachment: example_app.cs

Hopefully everything is translated correctly from german to english:
>From startmenu run certmgr.msc
Regarding http://activemq.apache.org/how-do-i-use-ssl.html:
Import client_cert to "My Certificates"
Import broker_cert to "Trusted Root Certification Authority"

Beware of, that the broker's certificate name property must match the hostname 
you will use in your connection-url. In my example: devweb

Create a new console-app using a reference to your stomp project: See 
attachment.

Add a breakpoint below this line

collection = store.Certificates;

in Apache.NMS.Stomp.Transport.Tcp.SslTransport LoadCertificates of your source.

The collection is empty. Expected is 1. Better: As much as you can see in the 
MMC.
Add the lines I suggested, and it is 1.


> Stomp SSL: No certificates loaded from key-store
> ------------------------------------------------
>
>                 Key: AMQNET-311
>                 URL: https://issues.apache.org/jira/browse/AMQNET-311
>             Project: ActiveMQ .Net
>          Issue Type: Bug
>          Components: Stomp
>    Affects Versions: 1.5.0
>         Environment: Windows
>            Reporter: Markus Jung | Ogitix
>            Assignee: Jim Gomes
>            Priority: Minor
>         Attachments: example_app.cs
>
>
> Not using the transport option clientCertFilename the certificates should be 
> loaded from X509Store at class Apache.NMS.Stomp.Transport.Tcp.SslTransport 
> method LoadCertificates.
> But the collection store.Certificates is always empty, causing 
> SelectLocalCertificate to always returning null.
> This is not a big problem, because the connection is working using null. But 
> maybe with an unexpected behavior if one is going to use the 
> clientCertSubject transport option.
> The reason is, the store must be opened (and closed):
> Changing the lines in LoadCertificates to:
>                 X509Store store = new X509Store(name, location);
>                 store.Open(OpenFlags.ReadOnly);
>                 collection = store.Certificates;
>                 store.Close();
> the collection is not empty anymore.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

Reply via email to