Hello Jakub,Indeed that was the issue. I turned off "Client Certificate".Now I
have an exception about SASL. Can I use SSL without SASL? Is it because I am
using an "External" authentication provider?Exception in thread "main"
javax.jms.JMSSecurityException: Could not find a suitable SASL mechanism for
the remote peer using the available credentials. at
org.apache.qpid.jms.provider.amqp.AmqpSaslAuthenticator.handleSaslInit(AmqpSaslAuthenticator.java:120)
at
org.apache.qpid.jms.provider.amqp.AmqpSaslAuthenticator.authenticate(AmqpSaslAuthenticator.java:87)
at
org.apache.qpid.jms.provider.amqp.AmqpProvider.processSaslAuthentication(AmqpProvider.java:827)
at
org.apache.qpid.jms.provider.amqp.AmqpProvider.processUpdates(AmqpProvider.java:814)
at
org.apache.qpid.jms.provider.amqp.AmqpProvider.access$1900(AmqpProvider.java:92)
at
org.apache.qpid.jms.provider.amqp.AmqpProvider$17.run(AmqpProvider.java:701) at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) at
java.util.concurrent.FutureTask.run(FutureTask.java:262) at
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:178)
at
java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:292)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)Regards,Adel
> Date: Thu, 2 Jun 2016 16:36:28 +0200
> Subject: Re: [Qpid Java Broker-6.0.0] Using SSL with JMS clients for AMQP
> From: [email protected]
> To: [email protected]
>
> The bad_certificate error means that the broker doesn't like the client SSL
> certificate.
>
> What kind of SSL authentication do you want? It looks like you configured
> the port on the broker in a way that it requires SSL client authentication
> (using the fields Need SSL Client Certificate: Yes and Want SSL Client
> Certificate: Yes). But in the client you seem to define only the truststore
> which contains the broker public key. Maybe you can try to switch the
> client authentication off in the broker.
>
> Running the client with system property javax.net.debug set to "ssl" would
> produce a nice detailed SSL log which can help further.
>
> Regards
> Jakub
>
> On Thu, Jun 2, 2016 at 4:10 PM, Adel Boutros <[email protected]> wrote:
>
> > Hello,
> >
> > I have generated a certificate for my machine using openssl 1.0.2 (openssl
> > req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -nodes).
> >
> > I have created a new Authentication Provider of type "External".
> >
> > I have created a new KeyStore of type "Non Java Key Store" and uploaded the
> > private key and certificate generated by the previous step.
> >
> > I have created a new TrustStore of type "Non Java Key Store" and uploaded
> > the certificate generated by the first step.
> >
> > I have created an AMQP port with the following configuration
> > Name: AMQPS
> > Port Type: AMQP
> > Port Number: 10400
> > Protocols: AMQP_1_0
> > Authentication Provider: sslWithTlsProvider
> > Binding address: *
> > Transports: SSL
> > Key Store: SslCertificateStore
> > Need SSL Client Certificate: Yes
> > Want SSL Client Certificate: Yes
> > Trust Stores: SSLTrustStore
> > Number of connection threads: 8
> >
> > I restarted the broker after all of this configuration.
> >
> > Now, I want to have a JMS consumer connect to this broker using SSL. I
> > couldn't find any documentation about it beside the doc page
> > (https://qpid.apache.org/releases/qpid-jms-0.8.0/docs/index.html) which
> > doesn't provide an example or detailed information.
> >
> > I created a trustStore for the JMS client and added the certificate to it
> > (keytool -import -file cert.pem --keystore D:\qpid-broker\myTrustStore) but
> > it isn't working
> >
> > Can you please help me setup a working example?
> >
> > PS: I am using Non Java stores becasue I will have Proton-c clients later
> > on.
> >
> > public static void main(String[] args) throws JMSException {
> > System.setProperty("javax.net.ssl.trustStore",
> > "D:\\qpid-broker\\myTrustStore");
> > System.setProperty("javax.net.ssl.trustStorePassword", "password");
> > ConnectionFactory connectionFactory = new
> > JmsConnectionFactory("amqps://aboutros:10400");
> > Connection connection = connectionFactory.createConnection();
> > }
> >
> > Error: javax.net.ssl.SSLException: Received fatal alert: bad_certificate
> >
> > Regards,
> > Adel
> >
> >
> >
> > --
> > View this message in context:
> > http://qpid.2158936.n2.nabble.com/Qpid-Java-Broker-6-0-0-Using-SSL-with-JMS-clients-for-AMQP-tp7644953.html
> > Sent from the Apache Qpid users mailing list archive at Nabble.com.
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [email protected]
> > For additional commands, e-mail: [email protected]
> >
> >
