The bad_certificate error means that the broker doesn't like the client SSL
certificate.

What kind of SSL authentication do you want? It looks like you configured
the port on the broker in a way that it requires SSL client authentication
(using the fields Need SSL Client Certificate: Yes and Want SSL Client
Certificate: Yes). But in the client you seem to define only the truststore
which contains the broker public key. Maybe you can try to switch the
client authentication off in the broker.

Running the client with system property javax.net.debug set to "ssl" would
produce a nice detailed SSL log which can help further.

Regards
Jakub

On Thu, Jun 2, 2016 at 4:10 PM, Adel Boutros <[email protected]> wrote:

> Hello,
>
> I have generated a certificate for my machine using openssl 1.0.2 (openssl
> req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -nodes).
>
> I have created a new Authentication Provider of type "External".
>
> I have created a new KeyStore of type "Non Java Key Store" and uploaded the
> private key and certificate generated by the previous step.
>
> I have created a new TrustStore of type "Non Java Key Store" and uploaded
> the certificate generated by the first step.
>
> I have created an AMQP port with the following configuration
>         Name: AMQPS
>         Port Type: AMQP
>         Port Number: 10400
>         Protocols: AMQP_1_0
>         Authentication Provider: sslWithTlsProvider
>         Binding address: *
>         Transports: SSL
>         Key Store: SslCertificateStore
>         Need SSL Client Certificate: Yes
>         Want SSL Client Certificate: Yes
>         Trust Stores: SSLTrustStore
>         Number of connection threads: 8
>
> I restarted the broker after all of this configuration.
>
> Now, I want to have a JMS consumer connect to this broker using SSL. I
> couldn't find any documentation about it besides the doc page
> (https://qpid.apache.org/releases/qpid-jms-0.8.0/docs/index.html) which
> doesn't provide an example or detailed information.
>
> I created a trustStore for the JMS client and added the certificate to it
> (keytool -import -file cert.pem --keystore D:\qpid-broker\myTrustStore) but
> it isn't working
>
> Can you please help me set up a working example?
>
> PS: I am using Non Java stores because I will have Proton-c clients later
> on.
>
> public static void main(String[] args) throws JMSException {
>     System.setProperty("javax.net.ssl.trustStore", "D:\\qpid-broker\\myTrustStore");
>     System.setProperty("javax.net.ssl.trustStorePassword", "password");
>     ConnectionFactory connectionFactory = new JmsConnectionFactory("amqps://aboutros:10400");
>     Connection connection = connectionFactory.createConnection();
> }
>
> Error: javax.net.ssl.SSLException: Received fatal alert: bad_certificate
>
> Regards,
> Adel
>
>
>
> --
> View this message in context:
> http://qpid.2158936.n2.nabble.com/Qpid-Java-Broker-6-0-0-Using-SSL-with-JMS-clients-for-AMQP-tp7644953.html
> Sent from the Apache Qpid users mailing list archive at Nabble.com.

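For the case the reply describes, where the port keeps "Need SSL Client Certificate: Yes", the client needs a keystore of its own in addition to the truststore. The following is an added example, not code from either poster or from the Qpid project; it checks that the keystore really contains a private key before connecting and turns on the SSL debug log. Assumptions: the keystore path `myClientKeyStore` and the class and method names are hypothetical, and the certificate in that keystore must be trusted by the broker's SSLTrustStore.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Collections;
import javax.jms.Connection;
import javax.jms.ConnectionFactory;
import org.apache.qpid.jms.JmsConnectionFactory;

public class MutualTlsClient {

    // True if the store holds a private key with its certificate, which is
    // what the client must present when the broker demands a client certificate.
    static boolean hasClientIdentity(String path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }
        for (String alias : Collections.list(ks.aliases())) {
            if (ks.entryInstanceOf(alias, KeyStore.PrivateKeyEntry.class)) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        String trustStore = "D:\\qpid-broker\\myTrustStore";   // path from the original post
        String keyStore = "D:\\qpid-broker\\myClientKeyStore"; // assumed path, not from the thread
        String password = "password";

        // A store holding only trusted certificates gives the client nothing to present.
        if (!hasClientIdentity(keyStore, password.toCharArray())) {
            throw new IllegalStateException(keyStore + " has no private key entry");
        }
        System.setProperty("javax.net.debug", "ssl"); // detailed handshake log
        System.setProperty("javax.net.ssl.trustStore", trustStore);
        System.setProperty("javax.net.ssl.trustStorePassword", password);
        System.setProperty("javax.net.ssl.keyStore", keyStore);
        System.setProperty("javax.net.ssl.keyStorePassword", password);

        ConnectionFactory factory = new JmsConnectionFactory("amqps://aboutros:10400");
        Connection connection = factory.createConnection();
        try {
            connection.start();
        } finally {
            connection.close();
        }
    }
}
```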