Hi Adel,
Can you please setup your listener like this -
listener {
host: 0.0.0.0
port: 10399
saslMechanisms: ANONYMOUS
sslProfile: ssl-profile-name
authenticatePeer: no # Use authenticatePeer instead of requirePeerAuth
requireSsl: yes
}
Thanks.
----- Original Message -----
> From: "Adel Boutros" <[email protected]>
> To: [email protected]
> Sent: Friday, June 10, 2016 10:47:53 AM
> Subject: RE: [Qpid-dispatch] Duplication between sslProfile and connector
> options
>
>
>
>
> The page you provided suits my needs.
> However, I have a problem running SSL. I have configured the dispatcher
> (0.6.0 RC 4) as follows:
> ssl-profile {
> name: ssl-profile-name certFile: CERTIFICATE_DIR/cert_lx.pem
> keyFile: PRIVATE_KEY_DIR/key_lx.pem}
> listener { host: 0.0.0.0 port: 10399 sasl-mechanisms: ANONYMOUS
> ssl-profile: ssl-profile-name requirePeerAuth: no requireSsl: yes}
> Yet, I cannot even cannot using qdmanage:
> qdmanage --ssl-certificate=CERTIFICATE_DIR/cert_lx.pem
> --ssl-key=PRIVATE_KEY_DIR/key_lx.pem -b amqps://0.0.0.0:10399 create
> --type=autoLink addr=queue dir=out connection=localhost.5672.connector
> name=localhost.5672.queue
>
> Exception client-side:
> SSLUnavailable:
>
> Weird incomplete message, no?
>
> Regards,
> Adel
>
> > Date: Fri, 10 Jun 2016 10:11:25 -0400
> > From: [email protected]
> > To: [email protected]
> > Subject: Re: [Qpid-dispatch] Duplication between sslProfile and connector
> > options
> >
> > Hi Adel,
> > You can find the entire list of entities and attributes here -
> >
> > http://qpid.apache.org/releases/qpid-dispatch-master/man/qdrouterd.conf.html
> >
> > I will purge the book of dashed entity/attribute names on the master
> > branch. I have entered a JIRA for this so it can be tracked -
> >
> > https://issues.apache.org/jira/browse/DISPATCH-377
> >
> > Thanks.
> >
> > ----- Original Message -----
> > > From: "Adel Boutros" <[email protected]>
> > > To: [email protected]
> > > Sent: Friday, June 10, 2016 9:43:38 AM
> > > Subject: RE: [Qpid-dispatch] Duplication between sslProfile and connector
> > > options
> > >
> > > One last section, where in the book can I find the fields for ssl-profile
> > > configuration? I searched in Configuration Entities and found everything
> > > except "ssl-profile" fields.
> > > > From: [email protected]
> > > > To: [email protected]
> > > > Subject: RE: [Qpid-dispatch] Duplication between sslProfile and
> > > > connector
> > > > options
> > > > Date: Fri, 10 Jun 2016 15:39:13 +0200
> > > >
> > > > Thank you Ganesh,
> > > > Is this documented somewhere? Will the dashed properties be removed
> > > > from
> > > > the Book to avoid such confusion in the future?
> > > > Regards,Adel
> > > >
> > > > > Date: Fri, 10 Jun 2016 08:30:15 -0400
> > > > > From: [email protected]
> > > > > To: [email protected]
> > > > > Subject: Re: [Qpid-dispatch] Duplication between sslProfile and
> > > > > connector
> > > > > options
> > > > >
> > > > > Hi Adel,
> > > > > Going forward please use the camelCase and abandon using dashed
> > > > > properties (like cert-file). Following is an example of the
> > > > > *correct*
> > > > > way to use certFile
> > > > >
> > > > > sslProfile {
> > > > > certFile: /home/gmurthy/opensource/server-certificate.pem
> > > > > keyFile: /home/gmurthy/opensource//server-private-key.pem
> > > > > password: some-password
> > > > > name: client-ssl-profile
> > > > > certDb: /home/gmurthy/opensource/ca-certificate.pem
> > > > > }
> > > > >
> > > > > connector {
> > > > > addr: 127.0.0.1
> > > > > role: inter-router
> > > > > sslProfile: client-ssl-profile # This connector will use the
> > > > > sslProfile with the name client-ssl-profile
> > > > > port: 24976
> > > > > }
> > > > >
> > > > > Notice above that we specified certFile in only one place (inside the
> > > > > sslProfile)
> > > > >
> > > > > Thanks.
> > > > >
> > > > > ----- Original Message -----
> > > > > > From: "Adel Boutros" <[email protected]>
> > > > > > To: [email protected]
> > > > > > Sent: Friday, June 10, 2016 6:32:06 AM
> > > > > > Subject: [Qpid-dispatch] Duplication between sslProfile and
> > > > > > connector
> > > > > > options
> > > > > >
> > > > > > Hello guys,
> > > > > > In the ssl-profile, we can define some options such as "cert-file".
> > > > > > When we
> > > > > > define a connector, we can provide the name of ssl-profile and we
> > > > > > can
> > > > > > set
> > > > > > "certFile". What is the behavior if we defined a cert-file in the
> > > > > > ssl-profile and set the certFile property?
> > > > > > Is setting one of them enough? Or do we really need to set both?
> > > > > > Regards,Adel
> > > > >
> > > > > ---------------------------------------------------------------------
> > > > > To unsubscribe, e-mail: [email protected]
> > > > > For additional commands, e-mail: [email protected]
> > > > >
> > > >
> > >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [email protected]
> > For additional commands, e-mail: [email protected]
> >
>
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
