I'm trying to set up an embedded ActiveMQ broker supporting SSL.
Im continuously getting the same error msg:
ActiveMQ Transport Server: ssl://localhost:61613, called closeSocket()
2012-05-04 12:53:11,961 [ActiveMQ Transport Server: ssl://localhost:61613] ERROR broker.TransportConnector - Could not accept connection : No available certificate or key corresponds to the SSL cipher suites which are enabled.
Searching on this gives indication of possibly malfunction in generating the keystore and truststore.
I have tried to generate the keystore and truststore using these guides without success. http://docs.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore
http://activemq.apache.org/how-do-i-use-ssl.html
Im trying to set this up in grails and im defining the embeddedActiveMq inside conf/spring/resources.groovy like follows:
SpringSslContext sslContext = new SpringSslContext()
FileSystemResource keyStoreResource = new FileSystemResource("/path/to/keyStore")
FileSystemResource trustStoreResource = new FileSystemResource("/path/to/trustStore")
sslContext.setKeyStore(keyStoreResource)
sslContext.setKeyStorePassword("password")
sslContext.setTrustStore(trustStoreResource)
sslContext.setTrustStorePassword("trustword")
SslBrokerService broker = new SslBrokerService()
broker.setBrokerName("broker")
broker.setPersistent(true)
broker.setUseJmx(true)
broker.setSslContext(sslContext)
TransportConnector connector = new TransportConnector
connector.setUri(new("ssl://localhost:61613"))
broker.addConnector(connector)
broker.start()
I cant really get any other valuble debugging information then using
System.setProperty("javax.net.debug", "ssl,handshake,data,trustmanager,keymanager")
Could there be an issue of that java is still trying to use the certificate files in jre6/lib/security?
Is there something specific you need to do in order to get the keystore etc to work properly?
Take a look at ActiveMQ unit tests, especially SslBrokerServiceTest.
It shows how to configure SslBrokerService correctly and how to create KeyStore
and TrustStore
.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With