On 01/29/2010 04:46 PM, john dunning wrote:
> On Fri, 2010-01-29 at 16:24 +0000, Gordon Sim wrote:
>> On 01/29/2010 01:21 PM, Steve Huston wrote:
>>> Just as a separate data point.... I have RHEL 5 w/ valid certs created
>>> per the instructions given.
>>
>> If I step through those instructions manually I also get valid certs and
>> can successfully run perftest against the broker using ssl. Perhaps
>> there is an issue with the script(?).
>
> Always possible, even likely.

I think I've found the issue. The script doesn't select 'Server Auth' and 'Client Auth' when issuing and signing the server/client certificates. E.g. it should be:

x certutil -C -d $dir/CA_db -c "$ca_pretty_name" -a -i $dir/server_db/server.req -o $dir/server_db/server.crt -f $dir/cert.password -z $dir/random -2 -6 <<EOF
0
9
n
n
-1
EOF

and:

x certutil -C -d $dir/CA_db -c "$ca_pretty_name" -a -i $dir/client_db/client.req -o $dir/client_db/client.crt -f $dir/cert.password -z $dir/random -2 -6 <<EOF
1
9
n
n
-1
n
EOF

(Where 0 selects server auth and 1 selects client auth). With that change, verification of the generated certs works and (providing you have the right hostname for the cert and use that when connecting) I can get perftest to run over ssl using the certs generated by the script.




---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:dev-subscr...@qpid.apache.org
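
As an added example (not part of the original message or the Qpid script), this Python check reads a PEM-armoured certificate such as server.crt or client.crt and reports whether its extended key usage extension lists serverAuth or clientAuth. The function names are hypothetical, the sample input is a constructed DER fragment rather than a real certificate, and it assumes the .crt files use the usual BEGIN/END CERTIFICATE armour.

```python
import base64
import re
EKU_OID = bytes.fromhex("551d25")  # 2.5.29.37 extKeyUsage
PURPOSES = {
    bytes.fromhex("2b06010505070301"): "serverAuth",  # item 0 in the post
    bytes.fromhex("2b06010505070302"): "clientAuth",  # item 1 in the post
}
# Constructed sample (not a real certificate): a lone EKU extension with serverAuth.
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n" + base64.b64encode(bytes.fromhex(
    "30130603551d25040c300a06082b06010505070301")).decode()
    + "\n-----END CERTIFICATE-----\n")

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def find_eku(buf, pos=0, end=None):
    """Walk the DER tree; return the EKU purposes, or None if no EKU extension."""
    end = len(buf) if end is None else end
    while pos < end:
        tag, start, stop = read_tlv(buf, pos)
        if tag == 0x06 and buf[start:stop] == EKU_OID:
            tag, s, e = read_tlv(buf, stop)      # critical BOOLEAN or extnValue
            if tag == 0x01:
                tag, s, e = read_tlv(buf, e)     # skip to extnValue OCTET STRING
            _, s, e = read_tlv(buf, s)           # inner SEQUENCE OF OID
            out = []
            while s < e:
                _, vs, s = read_tlv(buf, s)      # s advances to the next OID
                out.append(PURPOSES.get(buf[vs:s], buf[vs:s].hex()))
            return out
        if tag & 0x20:  # constructed element: descend into it
            found = find_eku(buf, start, stop)
            if found is not None:
                return found
        pos = stop
    return None

def cert_allows(pem_text, purpose):
    """True if the PEM certificate's EKU extension lists the given purpose."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END", pem_text, re.S)
    if not m:
        raise ValueError("no PEM certificate found")
    eku = find_eku(base64.b64decode(m.group(1)))
    return eku is not None and purpose in eku
```

Run against the script's output, `cert_allows(open("server.crt").read(), "serverAuth")` and the clientAuth equivalent for client.crt should both be true once the `-6` answers are supplied.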