Re: Mutual SSL authentication with Camel applications
On Tue, Mar 17, 2009 at 1:56 PM, huntc hu...@mac.com wrote: Here's the promised blog entry: http://christopherhunt-software.blogspot.com/2009/03/mutual-ssl-authentication-and-ldap.html Hi Thanks a lot for sharing this with us. Its been noticed by the AMQ committers. -- View this message in context: http://www.nabble.com/Mutual-SSL-authentication-with-Camel-applications-tp22490614p22558460.html Sent from the Camel - Users (activemq) mailing list archive at Nabble.com. -- Claus Ibsen Apache Camel Committer Open Source Integration: http://fusesource.com Blog: http://davsclaus.blogspot.com/
Re: Mutual SSL authentication with Camel applications
Hi Have you tried the AMQ forum to see if there is a solution that works with AMQ only? Then we know its possible and can see if there is something needed to be changed in camel-jms or maybe in the activemq-camel component that is shipped with AMQ itself. On Fri, Mar 13, 2009 at 7:39 AM, huntc hu...@mac.com wrote: By the way, here are some of the things I'm observing when attempting mutual authentication: 1. Wireshark shows: Client Hello Server Hello, Certificate, Certificate Request, Server Hello Done Certificate, Client Key Exchange Alert (Level: Fatal, Description: Bad Certificate) If I look at the Certificate, Client Key Exchange in detail I see in the Handshake Protocol: Certificate that the Certificates Length is 0. 2. ActiveMQ shows in its log: ERROR TransportConnector - Could not accept connection : null cert chain I'm presuming that this is because the client has not passed its certificate. I hope that these are useful observations. -- View this message in context: http://www.nabble.com/Mutual-SSL-authentication-with-Camel-applications-tp22490614p22491057.html Sent from the Camel - Users (activemq) mailing list archive at Nabble.com. -- Claus Ibsen Apache Camel Committer Open Source Integration: http://fusesource.com Blog: http://davsclaus.blogspot.com/
Re: Mutual SSL authentication with Camel applications
Hi Claus, Thanks for your reply. I forgot that I made this posting otherwise I would have sent through an update. I did post to the AMQ forum and then discovered for myself what the problem was - the java client consuming the services needed authenticated access to its keystore. I'm going to write a blog entry on securing AMQ very shortly as it is a thinly covered topic which I think I now have experienced pretty well. Kind regards, Christopher -- View this message in context: http://www.nabble.com/Mutual-SSL-authentication-with-Camel-applications-tp22490614p22554822.html Sent from the Camel - Users (activemq) mailing list archive at Nabble.com.
Re: Mutual SSL authentication with Camel applications
Here's the promised blog entry: http://christopherhunt-software.blogspot.com/2009/03/mutual-ssl-authentication-and-ldap.html -- View this message in context: http://www.nabble.com/Mutual-SSL-authentication-with-Camel-applications-tp22490614p22558460.html Sent from the Camel - Users (activemq) mailing list archive at Nabble.com.
Re: Mutual SSL authentication with Camel applications
By the way, here are some of the things I'm observing when attempting mutual authentication: 1. Wireshark shows: Client Hello Server Hello, Certificate, Certificate Request, Server Hello Done Certificate, Client Key Exchange Alert (Level: Fatal, Description: Bad Certificate) If I look at the Certificate, Client Key Exchange in detail I see in the Handshake Protocol: Certificate that the Certificates Length is 0. 2. ActiveMQ shows in its log: ERROR TransportConnector - Could not accept connection : null cert chain I'm presuming that this is because the client has not passed its certificate. I hope that these are useful observations. -- View this message in context: http://www.nabble.com/Mutual-SSL-authentication-with-Camel-applications-tp22490614p22491057.html Sent from the Camel - Users (activemq) mailing list archive at Nabble.com.