Hmm, I tried this again (this time with the trunk version of qpid) with the same problem (socket times out)… I put the broker_keystore path in the config file…. Did you? Can you list the steps you did to make this work? And the code you're using on the client?

Joe
________________________________________
From: Robbie Gemmell [[email protected]]
Sent: Friday, November 11, 2011 6:03 PM
To: [email protected]
Subject: Re: SSL connection problems from rabbitMQ client

On 11 November 2011 22:13, Joe Porto <[email protected]> wrote:
> I'm assuming you imported those files into your keystore…. When I do that,
> I'm getting the following error:
>

Which files? The test ones I mentioned from our repo? Those already are
keystore files, with our test certificates/keys/cacerts imported as
necessary, so you don't need to do anything to them to use them for
testing. My comments about importing were directed at the guide you
linked to, which says nothing about Java keystores because it seems to
be for configuring an HTTPD installation and therefore the files
created by it certainly won't work as-is.

> Certificate not imported, alias <RootCA> already exists
>
> I've tried running: keytool -delete -alias RootCA
>
> But, I get an exception: keystore file does not exist….. I've been messing
> around with trying to tell it which keystore, but I don't know which keystore
> it's complaining about?
>
> Keystore –list returns an error saying keystore file does not exist… (and the
> path to follow doesn't exist…)
>

You don't appear to be telling it any keystore file location
( -keystore <store>) in the above commands, so I imagine it is just
looking in the default location as a result?

This isn't a process we have documented since there are a wealth of
different options to choose from, everyone's needs are slightly
different, and the various component parts of [self signed] SSL
certificates and Java with SSL are documented to death elsewhere
already...but perhaps we need to.

> Joe
>
> From: Robbie Gemmell <[email protected]>
> Date: Thu, 10 Nov 2011 18:10:53 -0500
> To: Joe Porto <[email protected]>
> Cc: "[email protected]" <[email protected]>
> Subject: Re: SSL connection problems from rabbitMQ client
>
> Are you just using the files created from that guide directly? If so
> that could be the problem, since you need to import the certificate /
> key into a truststore / keystore file before using them, e.g. using
> the keytool command bundled with the JDK.
>
> Robbie
>
> On 10 November 2011 22:21, Joe Porto <[email protected]> wrote:
> Ah I read your response too quickly! I enabled the use SSL setting to true
> in the config.xml…and I used the keystore and truststore that I created
> myself following this website:
> http://www.akadia.com/services/ssh_test_certificate.html
> I'll give the sample ones a shot…
>
> Joe
>
> From: Robbie Gemmell <[email protected]>
> Date: Thu, 10 Nov 2011 16:48:32 -0500
> To: Joe Porto <[email protected]>
> Cc: "[email protected]" <[email protected]>
> Subject: Re: SSL connection problems from rabbitMQ client
>
> Erm, so was I ? :)
>
> Robbie
>
> On 10 November 2011 21:26, Joe Porto <[email protected]> wrote:
>
> I was using a Qpid Broker…
>
> Joe
>
> From: Robbie Gemmell <[email protected]>
> Date: Thu, 10 Nov 2011 16:20:54 -0500
> To: Joe Porto <[email protected]>
> Cc: "[email protected]" <[email protected]>
> Subject: Re: SSL connection problems from rabbitMQ client
>
> Hi Joe,
>
> I just tried out connecting the RabbitMQ client using SSL to the
> latest trunk revision of the Java broker, and it seemed to work ok
> (well, it did make me notice that when we changed IO layers for the
> broker and some protocols for the client recently that we missed a
> limitation of SSLSocket that means ConnectionClose currently generates
> a nice stacktrace...but other than that, it works). Deliberately
> making the client connect to the broker's 'plain' port failed as
> expected, as did setting the client not to use SSL and connecting it
> to the broker's SSL port. As well as the simpler 'no verification'
> example you were using, I used an expanded example based on those at
> http://www.rabbitmq.com/ssl.html (the Java broker doesn't currently
> support validating client certificates so I removed those bits).
>
> Could you share how you are configuring the broker, and creating your
> certificates? I used the broker keystore and client truststore we use
> in our tests, which are located at
> qpid/java/test-profiles/test_resources/ssl/java_broker_keystore.jks
> and qpid/java/test-profiles/test_resources/ssl/java_client_truststore.jks
> in a checkout of our trunk
> (http://svn.apache.org/repos/asf/qpid/trunk/)
>
> Regards,
> Robbie
>
> On 9 November 2011 20:45, Joe Porto <[email protected]> wrote:
> I don't know… only have been playing with the qpid broker….
>
> From: Robbie Gemmell <[email protected]>
> Date: Wed, 9 Nov 2011 15:44:04 -0500
> To: "[email protected]" <[email protected]>
> Cc: Joe Porto <[email protected]>
> Subject: Re: SSL connection problems from rabbitMQ client
>
> Interesting. This isn't a combination that I have tried before, but I
> don't know any obvious reason it wouldn't work. I will try to take a
> look at it, but it isn't likely to be for a few days at best. The
> default example broker config was changed to use port 5671 because
> that is the assigned port for AMQP + SSL, I don't know where the number
> previously [not] used in the config came from.
>
> Out of interest, do you know if the client SSL example works ok when
> using the RabbitMQ broker?
>
> Robbie
>
> On 8 November 2011 20:55, Joe Porto <[email protected]> wrote:
> Hi Robbie,
>
> Thanks for the quick feedback. I installed the .15 version and enabled the
> configuration to use SSL (interesting they changed the port to 5671). It
> still fails from the client side at the same point (when it's trying to send
> the header) , but this time it doesn't throw an error in the server log.
>
> Thoughts?
>
> Joe
>
> From: Robbie Gemmell <[email protected]>
> Reply-To: "[email protected]" <[email protected]>
> Date: Tue, 8 Nov 2011 15:16:04 -0500
> To: "[email protected]" <[email protected]>
> Subject: Re: SSL connection problems from rabbitMQ client
>
> Put simply, SSL support in the broker wasn't functional until after
> 0.12 was finalised. It was fixed as part of the development stream for
> 0.14, which branched from trunk a few days ago for release in around a
> month.
>
> You will need to use a non-release version if you want to make it work
> in the mean time.
> You can get a nightly release build of the current
> trunk broker at the following URL if you want to at least try it out:
> https://builds.apache.org/view/M-R/view/Qpid/job/Qpid-Java-Release/lastSuccessfulBuild/artifact/trunk/qpid/java/broker/release/
>
> Robbie
>
> On 8 November 2011 19:42, Joe Porto <[email protected]> wrote:
> I am running the .12 release of a java qpid broker. I am trying to access
> it via a rabbitmq java client. When not using SSL, this works well and I am
> able to send and receive a msg on the client. When I enable SSL and try to
> connect to the SSL port on the broker, I get a SocketTimeOutException on the
> client side. Tracing through the rabbitMQ code – it looks like this occurs
> when the client tries sending just the AMQP header. On the qpid broker,
> this error is thrown in the log:
>
> ERROR [MINANetworkDriver(Acceptor)-15] (MINANetworkDriver.java:315) - Exception thrown and no ProtocolEngine to handle it
> java.lang.NullPointerException
>     at org.apache.qpid.transport.network.mina.MINANetworkDriver.messageReceived(MINANetworkDriver.java:337)
>     at org.apache.mina.common.support.AbstractIoFilterChain$TailFilter.messageReceived(AbstractIoFilterChain.java:703)
>     at org.apache.mina.common.support.AbstractIoFilterChain.callNextMessageReceived(AbstractIoFilterChain.java:362)
>     at org.apache.mina.common.support.AbstractIoFilterChain.access$1200(AbstractIoFilterChain.java:54)
>     at org.apache.mina.common.support.AbstractIoFilterChain$EntryImpl$1.messageReceived(AbstractIoFilterChain.java:800)
>     at org.apache.mina.filter.executor.ExecutorFilter.processEvent(ExecutorFilter.java:243)
>     at org.apache.mina.filter.executor.ExecutorFilter$ProcessEventsRunnable.run(ExecutorFilter.java:305)
>     at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:665)
>     at edu.emory.mathcs.backport.java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:690)
>     at java.lang.Thread.run(Thread.java:680)
>
> ---------------------------
>
> My sample client code looks like this: (the client hangs on
> factory.newConnection();, and eventually the socket times out)
>
> ConnectionFactory factory = new ConnectionFactory();
> factory.setHost("10.1.21.21");
> factory.setPort(8672);
> factory.setVirtualHost("10.1.21.21");
> factory.useSslProtocol("TLS");
> Connection conn = factory.newConnection();
> Channel channel = conn.createChannel();
> …
>
> ---------------------
>
> Any help would be greatly appreciated!
>
> -Joe
>
> ---------------------------------------------------------------------
> Apache Qpid - AMQP Messaging Implementation
> Project: http://qpid.apache.org
> Use/Interact: mailto:[email protected]
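
The thread contrasts the 'no verification' client call `useSslProtocol("TLS")` with an expanded client that trusts only the certificates in a Java truststore file. The following is an added sketch of that second form, not code from the thread or from the Qpid or RabbitMQ projects; the class name, the command-line arguments and the truststore password are assumptions, and the truststore would be a JKS file such as the java_client_truststore.jks mentioned above.

```java
import com.rabbitmq.client.Channel;
import com.rabbitmq.client.Connection;
import com.rabbitmq.client.ConnectionFactory;

import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical class name; usage: VerifiedAmqpsClient <truststore.jks> <password> <broker-host>
public class VerifiedAmqpsClient {
    public static void main(String[] args) throws Exception {
        String trustStorePath = args[0];                   // assumption: path to a JKS truststore
        char[] trustStorePassword = args[1].toCharArray(); // assumption: not given in the thread
        String brokerHost = args[2];

        // Load the truststore. A raw certificate or key file that was never
        // imported with keytool is not a keystore, and load() throws an IOException.
        KeyStore trustStore = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(trustStorePath)) {
            trustStore.load(in, trustStorePassword);
        }
        if (trustStore.size() == 0) {
            throw new IllegalStateException("Truststore has no entries: " + trustStorePath);
        }

        // Trust only what the truststore contains, instead of every certificate.
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);

        // No key managers: the thread notes the Java broker does not validate client certificates.
        SSLContext sslContext = SSLContext.getInstance("TLS");
        sslContext.init(null, tmf.getTrustManagers(), null);

        ConnectionFactory factory = new ConnectionFactory();
        factory.setHost(brokerHost);
        factory.setPort(5671);               // assigned AMQP + SSL port, per the thread
        factory.useSslProtocol(sslContext);  // replaces the no-verification useSslProtocol("TLS")

        Connection conn = factory.newConnection();
        try {
            Channel channel = conn.createChannel();
            System.out.println("Connected over TLS, channel open: " + channel.isOpen());
            channel.close();
        } finally {
            conn.close();
        }
    }
}
```

This validates the broker's certificate chain against the truststore but does not by itself check that the certificate matches the host name. The virtual host is left at the client default.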
