[
https://issues.apache.org/jira/browse/ARTEMIS-3053?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Justin Bertram resolved ARTEMIS-3053.
-------------------------------------
Resolution: Won't Do
I've looked into this and I don't see a way to get the client's certificate
information in the {{exceptionCaught}} method of the
{{org.apache.activemq.artemis.core.remoting.impl.netty.NettyAcceptor.SslHandshakeExceptionHandler}}
which handles this exception. Feel free to re-open if you have other ideas.
> Log Subject Name of expired client certificates
> -----------------------------------------------
>
> Key: ARTEMIS-3053
> URL: https://issues.apache.org/jira/browse/ARTEMIS-3053
> Project: ActiveMQ Artemis
> Issue Type: Improvement
> Components: AMQP, Broker
> Affects Versions: 2.16.0
> Reporter: Sebastian T
> Priority: Minor
>
> We are using client authentication with our large central cloud broker
> instance and are seeing CertificateExpiredExceptions in the logs:
> {{AMQ222208: SSL handshake failed for client from /x.x.x.x:59484:
> java.security.cert.CertificateExpiredException: NotAfter: Wed Sep 23 15:00:00
> CEST 2020.}}
> It would be very helpful if the client certificate subject DN could be logged
> too so we can figure out which client apps causing this.
> The reported IP address is not helpful as the client apps are running elastic
> K8s/cloud foundry clusters.
>
> Logging happens here
> [https://github.com/apache/activemq-artemis/blob/bfca1c59de57168afec045dd5b889c759b3e58a1/artemis-server/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyAcceptor.java#L1012]
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
