Thank you very much for your reply.
I exported a certificate from broker's keystore and converted it to pem
format using the following command:
$ keytool -importkeystore -srckeystore broker.ks -destkeystore
broker_cert.p12 -srcstoretype jks -deststoretype pkcs12
$ openssl pkcs12 -in broker_cert.p12 -out client_ts.pem
and used client_ts.pem on the client side as trust store, the code is
something like:
decaf::lang::System::setProperty( "decaf.net.ssl.trustStore",
"client_ts.pem" );
but when I tried to connect to broker, I received this error from the client
side:
Error: Error occurred while accessing an OpenSSL library method:
error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal
error
The following message showed in the activeMQ broker's log:
2013-09-07 04:43:43,080 | ERROR | Could not accept connection from
tcp://192.168.209.1:22616: javax.net.ssl.SSLException: Connection has been
shutdown: javax.net.ssl.SSLException: java.security.ProviderException:
sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID |
org.apache.activemq.broker.TransportConnector | ActiveMQ
BrokerService[test_all_interface] Task-3
Does this mean that my pem file is still wrong?
--
View this message in context:
http://activemq.2283324.n4.nabble.com/setting-up-c-client-app-using-CMS-using-SSL-client-certificate-auth-tp4664686p4671281.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
