Hi Hamid,
I believe the SSL support in C++ is different on Linux and on Windows.
Assuming you use Linux:

1) Export the certificate from Java Keystore to P12 using:
     keytool -importkeystore -srckeystore ./keystore_certificate -destkeystore ./certificate.p12 -deststoretype PKCS12

2) You can export the public key of the broker / its CA from the
keystore using the -exportcert command of the keytool utility
     keytool -exportcert -rfc -file broker.crt -keystore keystore_certificate -alias broker

3) Create the NSS certificate database using the certutil command:
     mkdir ./certdb
     certutil -N -d ./certdb/

4) Load the public key of the broker into the database
     certutil -A -d ./certdb/ -n broker -i broker.crt -t "P,,"
In case you do not have the public key of the broker, but only a key from
its CA, use "T,," instead of "P,,"

5) The C++ client is using the NSS / certutil certificate database.
You have to create one (the certutil command help will guide you) and
load the private key from the PKCS12 file using the following command:
     pk12util -i certificate.p12 -d ./certdb/

6) When you list the certificate database you should see something like this:
     certutil -L -d ./certdb/

Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

CN=clientXXX                                                 u,u,u
broker                                                       P,,

7) Export the variables as described in
http://qpid.apache.org/books/0.12/AMQP-Messaging-Broker-CPP-Book/html/ch01s05.html#sect-Messaging_User_Guide-Security-Encryption_using_SSL
in section "Enabling SSL in Clients"

8) Set the following connection options in your C++ client:
     connection.setOption("transport", "ssl");
     connection.setOption("sasl_mechanisms", "EXTERNAL");

And if you are lucky it will work. You do not specify any certificate
directly in the C++ code. The private key is selected based on the
alias in the QPID_SSL_CERT_NAME variable. And the public key of the broker
is somehow ???negotiated/selected??? ... anyway you should not need to
specify it, you should just have it in the certificate database.

Regards
Jakub

On Fri, Nov 11, 2011 at 18:28, Hamid.Shahid <[email protected]> wrote:
> Hi,
>
> I have written a Qpid messaging client in C++ and I need to use the private
> key of an SSL certificate created by using java "keytool".
>
> Please let me know how I can use an SSL certificate in my C++ client and how
> the public and private keys of the certificates can be utilized in the code.
>
> Thank you.
>
> regards,
> Hamid.
>
> --
> View this message in context: 
> http://apache-qpid-users.2158936.n2.nabble.com/Using-SSL-Certificate-in-Qpid-C-Client-tp6986158p6986158.html
> Sent from the Apache Qpid users mailing list archive at Nabble.com.
>
> ---------------------------------------------------------------------
> Apache Qpid - AMQP Messaging Implementation
> Project:      http://qpid.apache.org
> Use/Interact: mailto:[email protected]
>
>
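
The listing check from step 6 of the reply above, as an added example that is not part of the original message or of Qpid: it parses `certutil -L` output and confirms that the client nickname carries a private key and that the broker (or CA) entry is trusted for SSL. The function names `ssl_trust` and `check_certdb` and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. Real use:
#   check_certdb "$(certutil -L -d ./certdb/)" "$QPID_SSL_CERT_NAME" broker

# Print the SSL trust flags (first of the three columns) for one nickname.
ssl_trust() {   # usage: ssl_trust LISTING NICKNAME
    printf '%s\n' "$1" | awk -v nick="$2" '
        # Certificate rows end in a flags triple such as "u,u,u" or "P,,";
        # the two header lines do not match and are skipped.
        $NF ~ /^[pPcCTuwgG]*,[pPcCTuwgG]*,[pPcCTuwgG]*$/ {
            name = $0
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", name)   # drop the flags column
            sub(/^[ \t]+/, "", name)               # nicknames may contain spaces
            if (name == nick) { split($NF, t, ","); print t[1]; found = 1; exit }
        }
        END { exit found ? 0 : 1 }'
}

# Succeed only if the client entry has a private key and the peer is trusted.
check_certdb() {   # usage: check_certdb LISTING CLIENT_NICKNAME BROKER_OR_CA_NICKNAME
    rc=0
    if flags=$(ssl_trust "$1" "$2"); then
        # "u" is shown when the database holds the matching private key
        case $flags in *u*) ;; *) echo "FAIL: '$2' has no private key; import the .p12 with pk12util"; rc=1 ;; esac
    else
        echo "FAIL: no nickname '$2' (QPID_SSL_CERT_NAME must match a nickname)"; rc=1
    fi
    if flags=$(ssl_trust "$1" "$3"); then
        # P and T are the flags used in the message; C is certutil's trusted-CA flag
        case $flags in *P*|*T*|*C*) ;; *) echo "FAIL: '$3' is not trusted for SSL (flags '$flags')"; rc=1 ;; esac
    else
        echo "FAIL: no nickname '$3' in the database"; rc=1
    fi
    return $rc
}

# Constructed sample, modelled on the listing shown in step 6.
SAMPLE_LISTING='
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

CN=clientXXX                                                 u,u,u
broker                                                       P,,
'
check_certdb "$SAMPLE_LISTING" "CN=clientXXX" broker && echo "certificate database looks usable"
```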
