On 09/10/2012 08:22 PM, ParkiratBagga wrote:
I have 2 c++ brokers in 2 machines.
I have setup CA and made the certificates for both the c++ brokers. Also, I
have added the parameters like transport, ssl-cert-db, ssl-port, and
ssl-password-file to the config file.
While setting up the queue route between 2 servers:
1. If, I give the destination:<ssl port> source:<ssl port>, I am not able to
set the route due to timeout.
2. Therefore, I am routing messages using queue route with
"destination:<qpid port> source:<qpid port> and transport option as *ssl*".
Is this correct?
In 2., is the port the ssl port? If so that is right. You need to
specify the ssl port _and_ specify ssl as the transport.
Also, when message get routed, I don't see, SSL is being used anywhere in
between.
So messages are being routed correctly? But you are not seeing any SSL
traffic (I assume through some network monitoring tool)?
Do you already have a non-ssl route in place. If so you may need to
remove that to ensure that messages are routed over SSL.
1. Have I configured it correctly?
2. Did I missed something?
3. Can you help me with pointers, how to setup ssl between brokers?
First step I would recommend is to ensure a regular client can connect
to the 'remote' broker using the 'local' brokers certificate database.
That lets you test the configuration in a slightly simpler fashion.
The other suggestion is to look at the logs and see if there are any errors.
There is a test script that is run as part of make check, that sets up
SSL based federation and it may be useful as an example (though its not
written as an example specifically):
http://svn.apache.org/viewvc/qpid/trunk/qpid/cpp/src/tests/sasl_fed_ex?view=markup
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
