On 10 May 2017 at 18:52, jeunii <[email protected]> wrote:
> I have a keystore file that works good. I have tested it using the below
> command ::
>
> root@server # java -Djavax.net.ssl.trustStore=/tmp/apache-servicemix-7.0.0/deploy/qpid.jks SSLPoke esesslx0ghk.se 9443
> *Successfully connected*
>
> Now that I am certain that my keystore file works fine, I am going to use it
> in my Qpid config that is deployed over ServiceMix.
>
> My config is as follows ::
>
> <bean id="amqp" class="org.apache.camel.component.amqp.AMQPComponent">
>   <property name="connectionFactory">
>     <bean class="org.apache.qpid.jms.JmsConnectionFactory">
>       <property name="remoteURI"
>         value="amqps://esesslx0ghk.se:9443?transport.keyStoreLocation=/tmp/apache-servicemix-7.0.0/deploy/qpid.jks&amp;transport.keyStorePassword=test123" />
>     </bean>
>   </property>
> </bean>
>
> But when I run my application, I get the ERROR ::
>
> 2017-05-10 17:30:02,591 | ERROR | mer[CSDP_output] | JmsConnectionFactory | 226 - qpid-jms-client.jar - 0.0.0 | Failed to create JMS Provider instance for: amqps
> 2017-05-10 17:30:02,619 | ERROR | mer[CSDP_output] | faultJmsMessageListenerContainer | 155 - org.apache.servicemix.bundles.spring-jms - 3.2.17.RELEASE_1 | Could not refresh JMS Connection for destination 'CSDP_output' - retrying in 5000 ms. Cause: Failed to create connection to: amqps://esesslx0ghk.se:9443?transport.keyStoreLocation=%252Ftmp%252Fapache-servicemix-7.0.0%252Fdeploy%252Fqpidd.jks&transport.keyStorePassword=test123; nested exception is javax.net.ssl.SSLHandshakeException: General SSLEngine problem
> javax.jms.JMSException: Failed to create connection to: amqps://esesslx0ghk.se:9443?transport.keyStoreLocation=%252Ftmp%252Fapache-servicemix-7.0.0%252Fdeploy%252Fqpidd.jks&transport.keyStorePassword=test123
>
>
> Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
>     at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1478)[:1.8.0_121]
>     at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535)[:1.8.0_121]
>     at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813)[:1.8.0_121]
>     at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)[:1.8.0_121]
>     at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)[:1.8.0_121]
>
>
> Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>     at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)[:1.8.0_121]
>     at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)[:1.8.0_121]
>     at sun.security.validator.Validator.validate(Validator.java:260)[:1.8.0_121]
>     at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)[:1.8.0_121]
>     at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281)[:1.8.0_121]
>     at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)[:1.8.0_121]
>     at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1501)[:1.8.0_121]
>     ... 21 more
> Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
>     at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)[:1.8.0_121]
>     at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)[:1.8.0_121]
>
>
> Now on one hand I am 100% sure that the keystore file I have is correct and
> its path is properly configured. But the application is not able to pick it
> up. Is there something wrong with this line ?
>
> <property name="remoteURI"
>   value="amqps://esesslx0ghk.se:9443?transport.keyStoreLocation=/tmp/apache-servicemix-7.0.0/deploy/qpidd.jks&amp;transport.keyStorePassword=test123" />
>

Probably. You are specifying a key store location, when you likely want to be specifying a trust store location instead.

The stacktrace is indicating the client/jvm is unable to validate trust of the certificate presented by the server (not that it can't find the store you are configuring) because it can't establish a certification path/chain for it. This is presumably because there isn't one, since you are specifying a keyStoreLocation in the JMS client URI, rather than a trustStoreLocation as would be equivalent to what you did in the other test.
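
The change the reply describes, written out as an added example that is not part of the original thread: the same bean with the store passed through the Qpid JMS `transport.trustStoreLocation` and `transport.trustStorePassword` URI options. It assumes the store at the path used in the SSLPoke test holds the broker's certificate or its issuing CA, and that the store password is the one shown in the question.

```xml
<!-- Added example, not from the original thread.
     Assumption: qpid.jks (path taken from the SSLPoke test) contains the
     broker certificate or the CA that issued it. -->
<bean id="amqp" class="org.apache.camel.component.amqp.AMQPComponent">
  <property name="connectionFactory">
    <bean class="org.apache.qpid.jms.JmsConnectionFactory">
      <!-- transport.trustStoreLocation / transport.trustStorePassword:
             certificates the client trusts when validating the broker.
             This is the role javax.net.ssl.trustStore played in the
             SSLPoke test.
           transport.keyStoreLocation / transport.keyStorePassword:
             the client's own private key and certificate. Only needed
             when the broker asks for client certificate authentication;
             it has no effect on validating the broker's certificate. -->
      <property name="remoteURI"
                value="amqps://esesslx0ghk.se:9443?transport.trustStoreLocation=/tmp/apache-servicemix-7.0.0/deploy/qpid.jks&amp;transport.trustStorePassword=test123" />
    </bean>
  </property>
</bean>
```

The exception text in the quoted log prints the connection URI in full, including the store password, so logs from a client configured this way should be handled as containing that password.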
