Configure broker with signed SSL certs

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Configure broker with signed SSL certs

jason_pacino
Are there step by step instruction for configuring a broker for use with a
signed SSL cert?



--
Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html
Reply | Threaded
Open this post in threaded view
|

Re: Configure broker with signed SSL certs

Tim Bain
Have you seen http://activemq.apache.org/how-do-i-use-ssl.html? Or
http://www.giuseppeurso.eu/en/activemq-and-the-ssl-transport/?

Tim

On Dec 11, 2017 4:49 PM, "jason_pacino" <[hidden email]>
wrote:

> Are there step by step instruction for configuring a broker for use with a
> signed SSL cert?
>
>
>
> --
> Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-
> f2341805.html
>
Reply | Threaded
Open this post in threaded view
|

Re: Configure broker with signed SSL certs

jason_pacino
Hi Tim,

Thanks for the information. I did have SSL information from the ApacheAMQ
site and the other site was helpful but I still am having issue. I have
created the ks and ts files and replaced them. I add the ACTIVEMQ_SSL_OPTS
enviornemt variable on my windows server and updated the activeMQ.xml SSL
setting to match the ks and ts password and files. When I start the broker I
get the following warning and the broker will not come up.

jvm 1    |  WARN | FAILED SslConnectionFactory@7dd6f267{SSL-HTTP/1.1}:
java.io.IOException: Keystore was tampered with, or password was incorrect
jvm 1    | java.io.IOException: Keystore was tampered with, or password was
incorrect

I have tried recreating the KS and TS file multiple times and I always get
the same error.

Jason



--
Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html
Reply | Threaded
Open this post in threaded view
|

Re: Configure broker with signed SSL certs

Tim Bain
If you do "keytool -list -keystore YOUR_KS", what happens? The error
message says that the keystore is malformed or the password is wrong; if
you can use keytool against it, it's not malformed.

Typically you would only specify the configuration in either activemq.xml
or the environment variable, not both. Pick which approach you want to use
and remove the other.

Tim

On Dec 14, 2017 10:45 AM, "jason_pacino" <[hidden email]>
wrote:

Hi Tim,

Thanks for the information. I did have SSL information from the ApacheAMQ
site and the other site was helpful but I still am having issue. I have
created the ks and ts files and replaced them. I add the ACTIVEMQ_SSL_OPTS
enviornemt variable on my windows server and updated the activeMQ.xml SSL
setting to match the ks and ts password and files. When I start the broker I
get the following warning and the broker will not come up.

jvm 1    |  WARN | FAILED SslConnectionFactory@7dd6f267{SSL-HTTP/1.1}:
java.io.IOException: Keystore was tampered with, or password was incorrect
jvm 1    | java.io.IOException: Keystore was tampered with, or password was
incorrect

I have tried recreating the KS and TS file multiple times and I always get
the same error.

Jason



--
Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html