Hi, I am following the below document to use SSL between JMS client and C++ broker.
http://rajith.2rlabs.com/2010/03/01/apache-qpid-securing-connections-with-ssl/ My Qpid Settings: ======================== qpidd --transport ssl --ssl-cert-db /ebs/qpid/server_db/ --ssl-cert-password-file /ebs/qpid/broker-pfile --ssl-cert-name fully-qualified-hostname --ssl-port 5674 --default-flow-stop-threshold 0 --default-flow-resume-threshold 0 --log-enable debug+ --log-to-file /ebs/qpid/logs/qpid.log --port 5672 --auth no --mgmt-enable yes --no-module-dir --load-module /ebs/qpid/cpp/src/.libs/ssl.so /ebs/qpid/qpidpersistencestore/cpp/lib/.libs/msgstore.so --data-dir /ebs/qpid/qpid-data --worker-threads 5 --max-connections 2048 --daemon yes ========================= My Client Settings: ========================= java -verbose:gc -Xms64m -Xmx256m -Xss16m -Djavax.net.debug=ssl -Djavax.net.ssl.keyStore=/ebs/qpid/key-store.jks -Djavax.net.ssl.keyStorePassword=password -Djavax.net.ssl.trustStore=/ebs/qpid/trust-store.jks -Djavax.net.ssl.trustStorePassword=password -Dqpid.flow_control_wait_failure=180000 -Dqpid.flow_control_wait_notify_period=10000 ========================= My Connection Factory: ========================= connectionfactory.factory.qpidConnectionfactory = amqp\://guest\:guest@fully-qualified-hostname/test?brokerlist\='tcp\://fully-qualified-hostname\:5674?ssl\='true'&trust_store\='/ebs/qpid/trust-store.jks'&trust_store_password\='password'&key_store\='/ebs/qpid/key-store.jks'&key_store_password\='password'&retries\='3'&connecttimeout\='10000'&connectdelay\='3000'' ========================= I am stuck with the below Exception: ========================= Exception in thread "main" javax.jms.JMSException: Error creating connection: *Cannot recover key* at org.apache.qpid.client.AMQConnectionFactory.createConnection(AMQConnectionFactory.java:286) at com.mysource.qpid.producer.MyMsgProducer.getConnection(MyMsgProducer.java:232) at com.mysource.qpid.producer.MyMsgProducer.main(MyMsgProducer.java:245) Caused by: org.apache.qpid.AMQConnectionFailureException: Cannot recover key at org.apache.qpid.client.AMQConnection.<init>(AMQConnection.java:472) at org.apache.qpid.client.AMQConnectionFactory.createConnection(AMQConnectionFactory.java:276) ... 2 more Caused by: org.apache.qpid.transport.TransportException: Error creating SSL Context at org.apache.qpid.transport.network.security.SecurityLayer$SSLSecurityLayer.<init>(SecurityLayer.java:122) at org.apache.qpid.transport.network.security.SecurityLayer.init(SecurityLayer.java:53) at org.apache.qpid.transport.TransportBuilder.init(TransportBuilder.java:45) at org.apache.qpid.transport.Connection.connect(Connection.java:240) at org.apache.qpid.client.AMQConnectionDelegate_0_10.makeBrokerConnection(AMQConnectionDelegate_0_10.java:184) at org.apache.qpid.client.AMQConnection.makeBrokerConnection(AMQConnection.java:609) at org.apache.qpid.client.AMQConnection.<init>(AMQConnection.java:396) ... 3 more Caused by: java.security.UnrecoverableKeyException: *Cannot recover key* at sun.security.provider.KeyProtector.recover(KeyProtector.java:311) at sun.security.provider.JavaKeyStore.engineGetKey(JavaKeyStore.java:121) at sun.security.provider.JavaKeyStore$JKS.engineGetKey(JavaKeyStore.java:38) at java.security.KeyStore.getKey(KeyStore.java:763) at com.sun.net.ssl.internal.ssl.SunX509KeyManagerImpl.<init>(SunX509KeyManagerImpl.java:113) at com.sun.net.ssl.internal.ssl.KeyManagerFactoryImpl$SunX509.engineInit(KeyManagerFactoryImpl.java:48) at javax.net.ssl.KeyManagerFactory.init(KeyManagerFactory.java:239) at org.apache.qpid.ssl.SSLContextFactory.buildServerContext(SSLContextFactory.java:171) at org.apache.qpid.transport.network.security.ssl.SSLUtil.createSSLContext(SSLUtil.java:156) at org.apache.qpid.transport.network.security.SecurityLayer$SSLSecurityLayer.<init>(SecurityLayer.java:118) ... 9 more =========================== Please help me solve this. Regards, Parkirat Singh Bagga. -- View this message in context: http://qpid.2158936.n2.nabble.com/SSL-between-client-and-broker-Exception-tp7581936.html Sent from the Apache Qpid users mailing list archive at Nabble.com. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
