Are you just using the files created from that guide directly? If so that could be the problem, since you need to import the certificate / key into a truststore / keystore file before using them, e.g. using the keytool command bundled with the JDK.
Robbie On 10 November 2011 22:21, Joe Porto <[email protected]> wrote: > Ah I read your response too quickly! I enabled the use SSL setting to true > in the config.xml…and I used the keystore and truststore that I created > myself following this website: > http://www.akadia.com/services/ssh_test_certificate.html > I'll give the sample ones a shot… > > Joe > > From: Robbie Gemmell <[email protected]> > > Date: Thu, 10 Nov 2011 16:48:32 -0500 > To: Joe Porto <[email protected]> > Cc: "[email protected]" <[email protected]> > Subject: Re: SSL connection problems from rabbitMQ client > > Erm, so was I ? :) > Robbie > On 10 November 2011 21:26, Joe Porto <[email protected]> wrote: > > I was using a Qpid Broker… > Joe > From: Robbie Gemmell <[email protected]> > Date: Thu, 10 Nov 2011 16:20:54 -0500 > To: Joe Porto <[email protected]> > Cc: "[email protected]" <[email protected]> > Subject: Re: SSL connection problems from rabbitMQ client > Hi Joe, > I just tried out connecting the RabbitMQ client using SSL to the > latest trunk revision of the Java broker, and it seemed to work ok > (well, it did make me notice that when we changed IO layers for the > broker and some protocols for the client recently that we missed a > limitation of SSLSocket that mean ConnectionClose currently generates > a nice stacktrace...but other than that, it works). Deliberately > making the client connect to the brokers 'plain' port failed as > expected, as did setting the client not to use SSL and connecting it > to the brokers SSL port. As well as the simpler 'no verification' > example you were using, I used an exapanded example based on those at > http://www.rabbitmq.com/ssl.html (the Java broker doesnt currently > support validating client certificates so I removed those bits). > Could you share how you are configuring the broker, and creating your > certificates? I used the broker keystore and client truststore we use > in our tests, which are located at > qpid/java/test-profiles/test_resources/ssl/java_broker_keystore.jks > and qpid/java/test-profiles/test_resources/ssl/java_client_truststore.jks > in a checkout of our trunk > (http://svn.apache.org/repos/asf/qpid/trunk/) > Regards, > Robbie > On 9 November 2011 20:45, Joe Porto <[email protected]> wrote: > I don't know… only have been playing with the qpid broker…. > From: Robbie Gemmell <[email protected]> > Date: Wed, 9 Nov 2011 15:44:04 -0500 > To: "[email protected]" <[email protected]> > Cc: Joe Porto <[email protected]> > Subject: Re: SSL connection problems from rabbitMQ client > Interesting. This isnt a combination that I have tried before, but I > dont know any obvious reason it wouldnt work. I will try to take a > look at it, but it isnt likely to be for a few days at best. The > default example broker config was changed to use port 5671 because > that is the assigned port for AMQP + SSL, I dont know where the number > previously [not] used in the config came from. > Out of interest, do you know if the client SSL example works ok when > using the RabbitMQ broker? > Robbie > On 8 November 2011 20:55, Joe Porto <[email protected]> wrote: > Hi Robbie, > Thanks for the quick feedback. I installed the .15 version and enabled the > configuration to use SSL (interesting they changed the port to 5671). It > still fails from the client side at the same point (when it's trying to send > the header) , but this time it doesn't throw an error in the server log. > Thoughts? > Joe > From: Robbie Gemmell <[email protected]> > Reply-To: "[email protected]" <[email protected]> > Date: Tue, 8 Nov 2011 15:16:04 -0500 > To: "[email protected]" <[email protected]> > Subject: Re: SSL connection problems from rabbitMQ client > Put simply, SSL support in the broker wasnt functional until after > 0.12 was finalised. It was fixed as part of the development stream for > 0.14, which branched from trunk a few days ago for release in around a > month. > You will need to use a non-release version if you want to make it work > in the mean time. You can get a nightly release build of the current > trunk broker at the following URL if you want to at least try it out: > https://builds.apache.org/view/M-R/view/Qpid/job/Qpid-Java-Release/lastSuccessfulBuild/artifact/trunk/qpid/java/broker/release/ > Robbie > On 8 November 2011 19:42, Joe Porto <[email protected]> wrote: > I am running the .12 release of a java qpid broker. I am trying to access > it via a rabbitmq java client. When not using SSL, this works well and I am > able to send and receive a msg on the client. When I enable SSL and try to > connect to the SSL port on the broker, I get a SocketTimeOutException on the > client side. Tracing through the rabbitMQ code – it looks like this occurs > when the client tries sending just the AMQP header. On the qpid broker, > this error is thrown in the log: > ERROR [MINANetworkDriver(Acceptor)-15] (MINANetworkDriver.java:315) - > Exception thrown and no ProtocolEngine to handle it > java.lang.NullPointerException > at > org.apache.qpid.transport.network.mina.MINANetworkDriver.messageReceived(MINANetworkDriver.java:337) > at > org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(AbstractIoFilterChain.java:703) > at > org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362) > at > org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54) > at > org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800) > at > org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243) > at > org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305) > at > edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:665) > at > edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:690) > at java.lang.Thread.run(Thread.java:680) > --------------------------- > My sample client code looks like this: (the client hangs on > factory.newConnection();, and eventually the socket times out) > ConnectionFactory factory = new ConnectionFactory(); > factory.setHost("10.1.21.21"); > factory.setPort(8672); > factory.setVirtualHost("10.1.21.21"); > factory.useSslProtocol("TLS"); > Connection conn = factory.newConnection(); > Channel channel = conn.createChannel(); > … > --------------------- > Any help would be greatly appreciated! > -Joe > --------------------------------------------------------------------- > Apache Qpid - AMQP Messaging Implementation > Project: http://qpid.apache.org > Use/Interact: mailto:[email protected] > > > > > --------------------------------------------------------------------- Apache Qpid - AMQP Messaging Implementation Project: http://qpid.apache.org Use/Interact: mailto:[email protected]
