Hi Tomas, As far as I understood you are trying to set-up client certificate authentication of the client connections over SSL. It should work with Broker-J. For example, system tests [1] and [2] are testing client cert authentication with custom CA.
Kind Regards, Alex [1] https://github.com/apache/qpid-broker-j/blob/master/systests/qpid-systests-jms_1.1/src/test/java/org/apache/qpid/systests/jms_1_1/extensions/tls/TlsTest.java [2] https://github.com/apache/qpid-broker-j/blob/master/systests/qpid-systests-jms_1.1/src/test/java/org/apache/qpid/systests/jms_1_1/extensions/sasl/AuthenticationTest.java On Wed, 12 Dec 2018 at 15:13, Vavricka <vavricka.to...@gmail.com> wrote: > > Hi, > > I tried to authenticate via certificate which is signed by my own > certificate authority and only certificate authority public key is present > in broker. > > Steps I have done: > * create certificate authority > * add public CA key to broker truststore (certutil DB in C++ broker) > * sign client private key by CA > * use signed private certificate in client to connect to broker > > When I perform steps above I am able to connect to C++ broker if only public > CA key is present in broker certificate DB. When I used same steps on Java > Broker I get exception 'javax.net.ssl.SSLException: Received fatal alert: > certificate_unknown'. > > Am I doing something wrong? > > Does Java Broker supports this feature? > > qpid-cpp version 1.36.0 > Java Broker version 7.0.4 > > Best Regards, > Tomas > > > > -- > Sent from: http://qpid.2158936.n2.nabble.com/Apache-Qpid-users-f2158936.html > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@qpid.apache.org > For additional commands, e-mail: users-h...@qpid.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@qpid.apache.org For additional commands, e-mail: users-h...@qpid.apache.org
