Can you try to run the client with the SSL debug mode? (option -Djavax.net.debug=ssl ... http://docs.oracle.com/javase/1.5.0/docs/guide/security/jsse/ReadDebug.html) I'm usually using this SSL debug mode with our customers when they have SSL problems. It sometimes shows bit more details why the SSL doesn't work ...
Do you see any NSS error on the Qpid broker? Regards Jakub On Mon, Sep 3, 2012 at 6:20 PM, maverick_muguda <[email protected]> wrote: > the connectionURL i am using is > amqp://guest:guest@clientid/test?brokerlist='tcp://machine-name.us-west-1.compute.amazonaws.com:5674?ssl='true'' > > I have ensured that the right machine is used. > > the trust store i am using has both the client certificate as well as the CA > certificate > > " > keytool -list -keystore trust-store.jks -storepass password > > Keystore type: JKS > Keystore provider: SUN > > Your keystore contains 2 entries > > rootca, Sep 3, 2012, trustedCertEntry, > Certificate fingerprint (MD5): > 83:0E:47:F0:6F:00:63:BB:05:B6:8D:E2:F4:8B:E8:3D > java-client, Sep 3, 2012, trustedCertEntry, > Certificate fingerprint (MD5): > C2:4E:DF:D8:60:39:58:B5:BB:64:C8:25:21:E4:42:80 > > " > > I followed the instructions in 2.4 and did an additional step of importing > the CA's certificate into the keystore. which can be verified from the > output > > "keytool -list -keystore key-store.jks -storepass password > > Keystore type: JKS > Keystore provider: SUN > > Your keystore contains 2 entries > > rootca, Sep 3, 2012, trustedCertEntry, > Certificate fingerprint (MD5): > 83:0E:47:F0:6F:00:63:BB:05:B6:8D:E2:F4:8B:E8:3D > java-client, Sep 3, 2012, PrivateKeyEntry, > Certificate fingerprint (MD5): > C2:4E:DF:D8:60:39:58:B5:BB:64:C8:25:21:E4:42:80 > " > > In spite of all of these changes, the original problem of "PKIX path > building failed: sun.security.provider.certpath.SunCertPathBuilderException: > unable to find valid certification path to requested target" remains. I have > rerun all the steps from > http://rajith.2rlabs.com/2010/03/01/apache-qpid-securing-connections-with-ssl/ > SSL-Howto page. > > Please suggest any relevant debugging/modifications. > > Thanks, > Naveen > > > > -- > View this message in context: > http://qpid.2158936.n2.nabble.com/Unable-to-Setup-SSL-between-Java-Client-and-C-broker-tp7581558p7581610.html > Sent from the Apache Qpid users mailing list archive at Nabble.com. > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [email protected] > For additional commands, e-mail: [email protected] > --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
