Just to add, I generated the certificate using OpenSSL 1.0.2 on Windows as follows:
openssl req -x509 -newkey rsa:2048 -keyout key.pem -out cert.pem -nodes -subj "/C=FR/ST=Paris/L=Paris/O=Company/CN=MACHINE_NAME" > From: [email protected] > To: [email protected] > Subject: RE: [Qpid-dispatch] Duplication between sslProfile and connector > options > Date: Mon, 13 Jun 2016 10:45:24 +0200 > > Hello Ganesh, > I performed the modifications you asked but I still have the same issue using > qdmanage. > Regards,Adel > > > Date: Fri, 10 Jun 2016 12:40:48 -0400 > > From: [email protected] > > To: [email protected] > > Subject: Re: [Qpid-dispatch] Duplication between sslProfile and connector > > options > > > > Hi Adel, > > Can you please setup your listener like this - > > > > listener { > > host: 0.0.0.0 > > port: 10399 > > saslMechanisms: ANONYMOUS > > sslProfile: ssl-profile-name > > authenticatePeer: no # Use authenticatePeer instead of > > requirePeerAuth > > requireSsl: yes > > } > > > > Thanks. > > ----- Original Message ----- > > > From: "Adel Boutros" <[email protected]> > > > To: [email protected] > > > Sent: Friday, June 10, 2016 10:47:53 AM > > > Subject: RE: [Qpid-dispatch] Duplication between sslProfile and connector > > > options > > > > > > > > > > > > > > > The page you provided suits my needs. > > > However, I have a problem running SSL. I have configured the dispatcher > > > (0.6.0 RC 4) as follows: > > > ssl-profile { > > > name: ssl-profile-name certFile: CERTIFICATE_DIR/cert_lx.pem > > > keyFile: PRIVATE_KEY_DIR/key_lx.pem} > > > listener { host: 0.0.0.0 port: 10399 sasl-mechanisms: ANONYMOUS > > > ssl-profile: ssl-profile-name requirePeerAuth: no requireSsl: yes} > > > Yet, I cannot even cannot using qdmanage: > > > qdmanage --ssl-certificate=CERTIFICATE_DIR/cert_lx.pem > > > --ssl-key=PRIVATE_KEY_DIR/key_lx.pem -b amqps://0.0.0.0:10399 create > > > --type=autoLink addr=queue dir=out connection=localhost.5672.connector > > > name=localhost.5672.queue > > > > > > Exception client-side: > > > SSLUnavailable: > > > > > > Weird incomplete message, no? > > > > > > Regards, > > > Adel > > > > > > > Date: Fri, 10 Jun 2016 10:11:25 -0400 > > > > From: [email protected] > > > > To: [email protected] > > > > Subject: Re: [Qpid-dispatch] Duplication between sslProfile and > > > > connector > > > > options > > > > > > > > Hi Adel, > > > > You can find the entire list of entities and attributes here - > > > > > > > > http://qpid.apache.org/releases/qpid-dispatch-master/man/qdrouterd.conf.html > > > > > > > > I will purge the book of dashed entity/attribute names on the master > > > > branch. I have entered a JIRA for this so it can be tracked - > > > > > > > > https://issues.apache.org/jira/browse/DISPATCH-377 > > > > > > > > Thanks. > > > > > > > > ----- Original Message ----- > > > > > From: "Adel Boutros" <[email protected]> > > > > > To: [email protected] > > > > > Sent: Friday, June 10, 2016 9:43:38 AM > > > > > Subject: RE: [Qpid-dispatch] Duplication between sslProfile and > > > > > connector > > > > > options > > > > > > > > > > One last section, where in the book can I find the fields for > > > > > ssl-profile > > > > > configuration? I searched in Configuration Entities and found > > > > > everything > > > > > except "ssl-profile" fields. > > > > > > From: [email protected] > > > > > > To: [email protected] > > > > > > Subject: RE: [Qpid-dispatch] Duplication between sslProfile and > > > > > > connector > > > > > > options > > > > > > Date: Fri, 10 Jun 2016 15:39:13 +0200 > > > > > > > > > > > > Thank you Ganesh, > > > > > > Is this documented somewhere? Will the dashed properties be removed > > > > > > from > > > > > > the Book to avoid such confusion in the future? > > > > > > Regards,Adel > > > > > > > > > > > > > Date: Fri, 10 Jun 2016 08:30:15 -0400 > > > > > > > From: [email protected] > > > > > > > To: [email protected] > > > > > > > Subject: Re: [Qpid-dispatch] Duplication between sslProfile and > > > > > > > connector > > > > > > > options > > > > > > > > > > > > > > Hi Adel, > > > > > > > Going forward please use the camelCase and abandon using dashed > > > > > > > properties (like cert-file). Following is an example of the > > > > > > > *correct* > > > > > > > way to use certFile > > > > > > > > > > > > > > sslProfile { > > > > > > > certFile: /home/gmurthy/opensource/server-certificate.pem > > > > > > > keyFile: /home/gmurthy/opensource//server-private-key.pem > > > > > > > password: some-password > > > > > > > name: client-ssl-profile > > > > > > > certDb: /home/gmurthy/opensource/ca-certificate.pem > > > > > > > } > > > > > > > > > > > > > > connector { > > > > > > > addr: 127.0.0.1 > > > > > > > role: inter-router > > > > > > > sslProfile: client-ssl-profile # This connector will use the > > > > > > > sslProfile with the name client-ssl-profile > > > > > > > port: 24976 > > > > > > > } > > > > > > > > > > > > > > Notice above that we specified certFile in only one place (inside > > > > > > > the > > > > > > > sslProfile) > > > > > > > > > > > > > > Thanks. > > > > > > > > > > > > > > ----- Original Message ----- > > > > > > > > From: "Adel Boutros" <[email protected]> > > > > > > > > To: [email protected] > > > > > > > > Sent: Friday, June 10, 2016 6:32:06 AM > > > > > > > > Subject: [Qpid-dispatch] Duplication between sslProfile and > > > > > > > > connector > > > > > > > > options > > > > > > > > > > > > > > > > Hello guys, > > > > > > > > In the ssl-profile, we can define some options such as > > > > > > > > "cert-file". > > > > > > > > When we > > > > > > > > define a connector, we can provide the name of ssl-profile and > > > > > > > > we > > > > > > > > can > > > > > > > > set > > > > > > > > "certFile". What is the behavior if we defined a cert-file in > > > > > > > > the > > > > > > > > ssl-profile and set the certFile property? > > > > > > > > Is setting one of them enough? Or do we really need to set both? > > > > > > > > Regards,Adel > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > > > > To unsubscribe, e-mail: [email protected] > > > > > > > For additional commands, e-mail: [email protected] > > > > > > > > > > > > > > > > > > > > > > > > > > --------------------------------------------------------------------- > > > > To unsubscribe, e-mail: [email protected] > > > > For additional commands, e-mail: [email protected] > > > > > > > > > > > > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: [email protected] > > For additional commands, e-mail: [email protected] > > >
