On 09/07/2013 08:00 AM, yuanbatou wrote:
Thank you very much for your reply.
I exported a certificate from broker's keystore and converted it to pem
format using the following command:
$ keytool -importkeystore -srckeystore broker.ks -destkeystore
broker_cert.p12 -srcstoretype jks -deststoretype pkcs12
$ openssl pkcs12 -in broker_cert.p12 -out client_ts.pem
and used client_ts.pem on the client side as trust store, the code is
something like:
decaf::lang::System::setProperty( "decaf.net.ssl.trustStore",
"client_ts.pem" );
but when I tried to connect to broker, I received this error from the client
side:
Error: Error occurred while accessing an OpenSSL library method:
error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal
error
The following message showed in the activeMQ broker's log:
2013-09-07 04:43:43,080 | ERROR | Could not accept connection from
tcp://192.168.209.1:22616: javax.net.ssl.SSLException: Connection has been
shutdown: javax.net.ssl.SSLException: java.security.ProviderException:
sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID |
org.apache.activemq.broker.TransportConnector | ActiveMQ
BrokerService[test_all_interface] Task-3
Does this mean that my pem file is still wrong?
--
View this message in context:
http://activemq.2283324.n4.nabble.com/setting-up-c-client-app-using-CMS-using-SSL-client-certificate-auth-tp4664686p4671281.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
One of the first things to do is to enable the Java SSL debug mode on
the broker side and see what is going on.
-Djavax.net.debug=ssl
--
Tim Bish
Sr Software Engineer | RedHat Inc.
tim.b...@redhat.com | www.fusesource.com | www.redhat.com
skype: tabish121 | twitter: @tabish121
blog: http://timbish.blogspot.com/
