Actually, I have an error message in the log file of the dispatcher which comes up every 5 seconds (If I am not mistaken, every x seconds the dispatcher will re-try to connect to the broker?)
bash$ tail -f dispatch.10396.log
Wed Jul 13 12:35:51 2016 SERVER (error) SSL local configuration failed for localhost:10101
Wed Jul 13 12:35:56 2016 SERVER (error) SSL local configuration failed for localhost:10101
Wed Jul 13 12:36:01 2016 SERVER (error) SSL local configuration failed for localhost:10101
Wed Jul 13 12:36:06 2016 SERVER (error) SSL local configuration failed for localhost:10101

Regards,
Adel

> From: [email protected]
> To: [email protected]
> Subject: [qpid-dispatch 0.6.0] Client certificate authentication with Java Broker 6.0.0
> Date: Wed, 13 Jul 2016 11:44:05 +0200
>
> Hello,
>
> On a previous post
> (http://qpid.2158936.n2.nabble.com/Qpid-Dispatch-SSL-SASL-configuration-on-a-listener-tp7646048.html),
> I had asked about how to set up the qpid-dispatch to work with SSL and SASL
> authentication and I was able, thanks to your help, to get clients
> (Consumer/producer) to connect to the dispatcher using the correct
> certificates.
>
> At that time, I was connected to the open AMQP port of the Java Broker which
> had no security. I then tried to connect to a port which only required SSL
> and this is also working.
>
> What is not working however is connecting the dispatcher to a port which has
> SSL and requires client certificates on the Java Broker. When I run the
> qdmanage command to create the connector, no connection shows up on the
> virtual host tab in the Java Broker Web management console.
>
> The qdmanage commands are not showing any errors and there are no errors on
> the Java Broker's side. Is there a way to debug further what is happening
> with qdmanage?
>
> As a reminder, my certificates are generated by a self-signed CA composed of
> a root authority and an intermediate one.
>
> Dispatcher config
>
> router {
>     id: router.10396
>     mode: interior
>     worker-threads: 4
> }
>
> ssl-profile {
>     name: ssl-full-profile
>     certFile: cert_lx.pem
>     keyFile: key_lx.pem
>     certDb: ca-chain.cert.pem
> }
>
> listener {
>     host: 0.0.0.0
>     port: 10396
>     role: normal
>     saslMechanisms: EXTERNAL
>     sslProfile: ssl-full-profile
>     requireSsl: yes
>     authenticatePeer: yes
> }
>
> listener {
>     host: 0.0.0.0
>     port: 10395
>     role: normal
>     saslMechanisms: ANONYMOUS
>     sslProfile: ssl-full-profile
>     requireSsl: yes
>     authenticatePeer: no
> }
>
> log {
>     module: DEFAULT
>     enable: warn+
>     output: dispatch.10396.log
> }
>
> Java Broker
>
> AMQP port is 10101, configured with the proper "KeyStore" of the broker, a
> "NonJavaTrustStore" containing the ca-chain.cert.pem (combination of the root
> and intermediate certificates) and "Want SSL Client Certificate".
>
> qdmanage commands
>
> qdmanage -b amqps://localhost:10395 --ssl-key=key_lx.pem --ssl-certificate=cert_lx.pem create --type=address prefix=perfQueue waypoint=true name=perf.queue.addr
>
> qdmanage -b amqps://localhost:10395 --ssl-key=key_lx.pem --ssl-certificate=cert_lx.pem create --type=connector role=route-container addr=localhost port=10101 name=localhost.broker.10101.connector certFile=cert_lx.pem certDb=ca-chain.cert.pem
>
> Regards,
> Adel
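
A pre-flight check for the three PEM files the configuration above refers to (certificate, private key, CA bundle), confirming that the key belongs to the certificate and that the certificate chains to the bundle. This is an added example, not part of the original thread or of the Qpid project; `check_tls_files` and `make_demo_pki` are hypothetical helper names, the demo PKI is constructed on the fly, and the `openssl` command-line tool and an unencrypted key file are assumed.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): check the PEM files an ssl-profile names.
# For the thread's files: check_tls_files cert_lx.pem key_lx.pem ca-chain.cert.pem

# check_tls_files CERT KEY CA_BUNDLE
# Prints one line per finding; returns 0 only when every check passes.
check_tls_files() {
    local cert="$1" key="$2" ca="$3" rc=0 f cert_pub key_pub
    for f in "$cert" "$key" "$ca"; do
        [ -r "$f" ] || { echo "FAIL unreadable: $f"; rc=1; }
    done
    [ "$rc" -eq 0 ] || return 1

    # The public key inside the certificate must equal the one derived from
    # the private key. "-passin pass:" makes an encrypted key fail instead of
    # prompting (assumption: the key is stored unencrypted).
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout -passin pass: 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL $key is not the private key for $cert"; rc=1
    fi

    # The certificate must chain to a CA in the bundle (root + intermediate).
    if ! openssl verify -CAfile "$ca" "$cert" >/dev/null 2>&1; then
        echo "FAIL $cert does not verify against $ca"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK $cert / $key / $ca"
    return "$rc"
}

# make_demo_pki DIR: constructed throwaway CA and leaf, for demonstration only.
make_demo_pki() {
    local d="$1"
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
        -keyout "$d/ca.key" -out "$d/ca.pem" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=demo-router" \
        -keyout "$d/leaf.key" -out "$d/leaf.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/leaf.csr" -CA "$d/ca.pem" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/leaf.pem" 2>/dev/null
}

# Demo on constructed files.
demo_dir=$(mktemp -d) && make_demo_pki "$demo_dir" &&
    check_tls_files "$demo_dir/leaf.pem" "$demo_dir/leaf.key" "$demo_dir/ca.pem"
```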
