Hi Tim,
thank you for answer.
I installed oracle JDK7 and now i don't get below problems.
Now I just want to summarize what i do.. Because my pem file is problematic
in client side.
Maybe another configuration i could miss.
> I'm getting below error on the client side (ubuntu 13.04 -same machine
> with
> the client)
> Error occurred while accessing an OpenSSL library method:
> error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal
> error
>
> I'm also getting below error from broker side (ubuntu 13.04 -same machine
> with the client)
> 2013-11-07 12:04:22,244 | ERROR | Could not accept connection from
> tcp://127.0.0.1:55751: javax.net.ssl.SSLException:
> java.security.ProviderException:
> sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID |
> org.apache.activemq.broker.TransportConnector | ActiveMQ
> BrokerService[localhost] Task-3
*But now I have got the these error from client:*
*Error occurred while accessing an OpenSSL library method:
error:0906D06C:PEM routines:PEM_read_bio:no start line
error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib*
*I use below configuration in my cms client:*
I also enabled SSL in activeMQ.(installed openSSL and added proper prefix to
activeMQ installation)
activemq::library::ActiveMQCPP::initializeLibrary();
decaf::lang::System::setProperty(
"decaf.net.ssl.keyStore","/pathToPem/Client.pem");
decaf::lang::System::setProperty("decaf.net.ssl.keyStorePassword",
"123456");
decaf::lang::System::setProperty( "decaf.net.ssl.trustStore",
"/pathToPem/Broker.pem" );
url ="ssl://localhost:61617";
in broker side i have done below configurations:
*in activemq.xml:*
<sslContext>
<sslContext
keyStore="broker.ks" keyStorePassword="123456"
trustStore="client.ks" trustStorePassword="123456"/>
</sslContext>
<transportConnectors>
<transportConnector name="ssl"
uri="ssl://localhost:61617?needClientAuth=true" />
<transportConnector name="openwire" uri="tcp://0.0.0.0:61616?
maximumConnections=1000&wireformat.maxFrameSize=104857600"/>
<transportConnector name="amqp"
uri="amqp://0.0.0.0:5672?maximumConnections=1000&wireformat.maxFrameSize=104857600"/>
</transportConnectors>
*I also export the SSL_OPTS environment parameter before starting the
broker:*
$ export SSL_OPTS="-Djavax.net.ssl.keyStore=/pathTobrokerks/broker.ks
-Djavax.net.ssl.keyStorePassword=123456
-Djavax.net.ssl.trustStore=/pathTobrokerts/broker.ts"
Below commands for generating keystores and certificates:
$ keytool -genkey -alias broker -keyalg RSA -keystore broker.ks
$ keytool -export -alias broker -keystore broker.ks -file broker_cert
$ keytool -genkey -alias client -keyalg RSA -keystore client.ks
$ keytool -import -alias broker -keystore client.ts -file broker_cert
$ keytool -export -alias client -keystore client.ks -file client_cert
$ keytool -import -alias client -keystore broker.ts -file client_cert
*I have converted to cert files to pem files using below commands:*
$ keytool -importkeystore -srckeystore broker.ks -destkeystore
broker_cert.p12 -srcstoretype jks -deststoretype pkcs12
$ openssl pkcs12 -in broker_cert.p12 -out Broker.pem
$ keytool -importkeystore -srckeystore client.ks -destkeystore
client_cert.p12 -srcstoretype jks -deststoretype pkcs12
$ openssl pkcs12 -in client_cert.p12 -out Client.pem
is there any thing that i miss? or wrong configuration in client or broker
side ?
Thanks a lot.
--
View this message in context:
http://activemq.2283324.n4.nabble.com/setting-up-c-client-app-using-CMS-using-SSL-client-certificate-auth-tp4664686p4674024.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
