On 01/27/2016 10:02 PM, jjw tectec wrote:
I'm trying to add encryption, but couldn't get things to work. I've done the following (for a single broker scenario):

1) Ran the following script to create a certificate database:

    mkdir ${CERT_DIR}
    certutil -N -d ${CERT_DIR} -f ${CERT_PW_FILE}
    certutil -S -d ${CERT_DIR} -n ${NICKNAME} -s "CN=${NICKNAME}" -t "CT,," -x -f ${CERT_PW_FILE} -z /usr/bin/certutil

2) in qpidd.conf:

    require-encryption=yes
    ssl-cert-db=${CERT_DIR}
    ssl-cert-password-file=${CERT_PW_FILE}
    ssl-cert-name=${NICKNAME}
    ssl-port=5671

However, when running the following:

    qpid-send -b localhost:5671 -a 'TestQueue; {node:{type:queue}}' --content-string "hello" --connection-options "{transport:ssl,protocol:amqp1.0}"

I got "*qpid-send: Connect failed to amqp:ssl:localhost:5671: Reconnect disabled*"

What am I missing?
The hostname you use to connect has to match the CN of the broker's certificate. (From 0.30 onwards there is a connection option - ssl_ignore_hostname_verification_failure - which, if set to 'true', will disable the verification.)
(Also note that the proper error messages have been restored on trunk, but not yet released: https://issues.apache.org/jira/browse/QPID-6435)
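
Added example (not part of the original thread or of Qpid): a pre-flight check that compares the host in a broker address with the subject CN of the broker certificate, so that a mismatch like CN=${NICKNAME} versus localhost is caught before connecting. It assumes the certificate text contains a line of the form Subject: "CN=..." as printed by certutil -L -d ${CERT_DIR} -n ${NICKNAME}; the function names and the sample text are constructed for illustration, and the exact, case-insensitive comparison is a simplification of real TLS hostname checking.

```shell
#!/bin/sh
# Hypothetical helpers; sample certificate text below is constructed.

# Print the CN from the "Subject:" line of certificate text on stdin.
# Splits the DN on commas, so escaped commas inside a value are not handled.
subject_cn() {
    sed -n 's/^[[:space:]]*Subject:[[:space:]]*"\{0,1\}\([^"]*\)"\{0,1\}[[:space:]]*$/\1/p' |
        head -n 1 | tr ',' '\n' |
        sed -n 's/^[[:space:]]*[Cc][Nn]=\(.*\)$/\1/p' | head -n 1
}

# Print the host part of a "host:port" broker address (IPv6 literals not handled).
broker_host() {
    printf '%s\n' "${1%:*}"
}

# Succeed only when the certificate's subject CN equals the broker host.
# $1 = certificate text, $2 = broker address as passed to qpid-send -b
cn_matches_host() {
    cn=$(printf '%s\n' "$1" | subject_cn | tr 'A-Z' 'a-z')
    host=$(broker_host "$2" | tr 'A-Z' 'a-z')
    [ -n "$cn" ] && [ "$cn" = "$host" ]
}

# Constructed sample: what a self-signed certificate created with
# -s "CN=${NICKNAME}" and NICKNAME=broker1 could look like.
SAMPLE_CERT_TEXT='Certificate:
    Data:
        Issuer: "CN=broker1"
        Subject: "CN=broker1"'

for broker in localhost:5671 broker1:5671; do
    if cn_matches_host "$SAMPLE_CERT_TEXT" "$broker"; then
        echo "$broker: host matches certificate CN"
    else
        echo "$broker: host does NOT match certificate CN" \
             "($(printf '%s\n' "$SAMPLE_CERT_TEXT" | subject_cn))"
    fi
done
```

On a real broker host, pass the output of certutil -L for the broker's nickname as the first argument instead of the sample text.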
