Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

ActiveMQ embedded broker SSL

I'm trying to set up an embedded ActiveMQ broker supporting SSL.

Im continuously getting the same error msg:

ActiveMQ Transport Server: ssl://localhost:61613, called closeSocket()
2012-05-04 12:53:11,961 [ActiveMQ Transport Server: ssl://localhost:61613] ERROR          broker.TransportConnector  - Could not accept connection : No available certificate or key corresponds to the SSL cipher suites which are enabled.

Searching on this gives indication of possibly malfunction in generating the keystore and truststore.

I have tried to generate the keystore and truststore using these guides without success. http://docs.oracle.com/javase/6/docs/technotes/guides/security/jsse/JSSERefGuide.html#CreateKeystore

http://activemq.apache.org/how-do-i-use-ssl.html

Im trying to set this up in grails and im defining the embeddedActiveMq inside conf/spring/resources.groovy like follows:

SpringSslContext sslContext = new SpringSslContext()
    FileSystemResource keyStoreResource = new FileSystemResource("/path/to/keyStore")
    FileSystemResource trustStoreResource = new FileSystemResource("/path/to/trustStore")
    sslContext.setKeyStore(keyStoreResource)
    sslContext.setKeyStorePassword("password")
    sslContext.setTrustStore(trustStoreResource)
    sslContext.setTrustStorePassword("trustword")


    SslBrokerService broker = new SslBrokerService()
    broker.setBrokerName("broker")
    broker.setPersistent(true)
    broker.setUseJmx(true)
    broker.setSslContext(sslContext)

TransportConnector connector = new TransportConnector
connector.setUri(new("ssl://localhost:61613"))
broker.addConnector(connector)
broker.start()

I cant really get any other valuble debugging information then using

 System.setProperty("javax.net.debug", "ssl,handshake,data,trustmanager,keymanager")

Could there be an issue of that java is still trying to use the certificate files in jre6/lib/security?

Is there something specific you need to do in order to get the keystore etc to work properly?

like image 374
dunn less Avatar asked May 04 '12 11:05

dunn less


1 Answers

Take a look at ActiveMQ unit tests, especially SslBrokerServiceTest. It shows how to configure SslBrokerService correctly and how to create KeyStore and TrustStore.

like image 83
tmp Avatar answered Nov 04 '22 21:11

tmp