Thanks Gordon,

You definitely pointed me in the right direction! :)

The trick, as you suggested, was to set the --cluster-url option on both brokers, however the URL format is a little different to what you suggested.

For anyone else trying the same thing (or something similar), the format is as follows:

    cluster-url=amqp:ssl:<server-hostname-or-ip-address>:5671

(note, the argument may be a comma-separated list, allowing the local broker to have more than one URL if appropriate).

Thanks again! Qpid rocks!!

pc
----
http://colby.id.au

On Fri, Nov 18, 2011 at 3:51 AM, Gordon Sim <[email protected]> wrote:

> On 11/17/2011 03:08 AM, Paul Colby wrote:
>
>> I have a cluster of two Qpidd brokers - both C++ v0.12 (on CentOS 5.5).
>>
>> Both brokers have been clustering very happily so far :)
>>
>> Now, I've enabled both SASL and SSL on both brokers.
>>
>> I have several client applications I've written that can authenticate, and
>> use SSL to talk successfully to either broker. However, I can't get the
>> two brokers to cluster anymore (unless I disable SSL).
>>
>> Specifically, if I start one broker, then everything is happy (clients
>> connect / send / receive etc).
>>
>> But when I try to start a second broker, the second broker begins to start
>> up ok, but then stops after reporting "error Rejected un-encrypted
>> connection", and then shutting down the catch-up connection.
>>
>> Is there something I need to do to tell the brokers to use SSL for their
>> catch-up connections? Or is require-encryption=yes incompatible with
>> clustering?
>>
>
> This is just a suggestion, but you could try setting --cluster-url to
> amqps://<fqdn>:<port>, e.g. amqps://myhost.mydomain.com:5671.
> The idea there is to get the update client (which I think is what is
> failing) to use SSL.
>
> An alternative might be to set --cluster-mechanism to DIGEST-MD5 along
> with a valid --cluster-username and --cluster-password. The idea there is
> to use a SASL encryption layer on the update client so as to avoid being
> excluded by the require-encryption=yes setting.
>
> I haven't verified either of these myself however...
>
>
> ---------------------------------------------------------------------
> Apache Qpid - AMQP Messaging Implementation
> Project: http://qpid.apache.org
> Use/Interact: mailto:users-subscribe@qpid.apache.org
>
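Added example, not part of the original thread and not Qpid project code: a small pre-start check that a qpidd.conf with require-encryption=yes also sets cluster-url in the amqp:ssl:<host>:<port> form reported above, for every entry of the comma-separated list. The function names, the sample host names and the choice to recognise only the "yes" spelling are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread): lint a qpidd.conf before starting a
# clustered broker that requires encryption.

# Print the value of option $2 in config file $1 (last occurrence wins).
conf_get() {
    sed -e 's/#.*$//' "$1" | awk -F= -v k="$2" '
        { key = $1; gsub(/^[ \t]+|[ \t]+$/, "", key) }
        key == k { v = $0; sub(/^[^=]*=/, "", v)
                   gsub(/^[ \t]+|[ \t]+$/, "", v); val = v }
        END { print val }'
}

# Return 0 if consistent, 1 if a cluster URL is missing or not amqp:ssl:.
check_cluster_url() {
    conf=$1
    enc=$(conf_get "$conf" require-encryption)
    url=$(conf_get "$conf" cluster-url)
    # Assumption: only the "yes" spelling used in the thread is recognised.
    [ "$enc" = "yes" ] || return 0
    if [ -z "$url" ]; then
        echo "$conf: require-encryption=yes but cluster-url is not set" >&2
        return 1
    fi
    rc=0
    old_ifs=$IFS; IFS=,          # cluster-url may be a comma-separated list
    for entry in $url; do
        ok=1
        case "$entry" in
            amqp:ssl:?*:?*) case "${entry##*:}" in *[!0-9]*) ok=0 ;; esac ;;
            *) ok=0 ;;
        esac
        if [ "$ok" -eq 0 ]; then
            echo "$conf: '$entry' is not amqp:ssl:<host>:<port>" >&2
            rc=1
        fi
    done
    IFS=$old_ifs
    return $rc
}

# Constructed sample: encryption required, second list entry is plain TCP.
sample=$(mktemp)
printf '%s\n' 'require-encryption=yes' \
    'cluster-url=amqp:ssl:broker1.example.com:5671,amqp:tcp:broker2.example.com:5672' > "$sample"
check_cluster_url "$sample" || echo "cluster-url needs fixing"
rm -f "$sample"
```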
