jaasAuthenticationPlugin ans sslContext in karaf

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

jaasAuthenticationPlugin ans sslContext in karaf

MillieretXavier
Hi all,

I use activeMq 5.12.3 embedded in karaf.
I would like two connectors, one for openwire, and one for amqps
here my activemq.xml (configuration)

<beans
    xmlns="http://www.springframework.org/schema/beans"
    xmlns:amq="http://activemq.apache.org/schema/core"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
    xsi:schemaLocation="http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
  http://activemq.apache.org/schema/core
http://activemq.apache.org/schema/core/activemq-core.xsd">

    <broker xmlns="http://activemq.apache.org/schema/core"
            brokerName="${broker-name}"
            dataDirectory="${data}"
            start="false"
            populateJMSXUserID="true"
            persistent="false">

        <destinationPolicy>
            <policyMap>
                <policyEntries>
                    <policyEntry topic=">" producerFlowControl="true">
                        <pendingMessageLimitStrategy>
                            <constantPendingMessageLimitStrategy
limit="1000"/>
                        </pendingMessageLimitStrategy>
                    </policyEntry>
                    <policyEntry queue=">" producerFlowControl="true"
memoryLimit="1mb">
                    </policyEntry>
                </policyEntries>
            </policyMap>
        </destinationPolicy>

        <managementContext>
            <managementContext createConnector="false"/>
        </managementContext>

        <persistenceAdapter>
            <kahaDB directory="${data}/kahadb"/>
        </persistenceAdapter>

       
        <plugins>
            <jaasAuthenticationPlugin configuration="karaf"/>
        </plugins>
       
       <sslContext>
            <sslContext
                keyStore="file:${amqps.ks}"
                keyStorePassword="${amqps.pwd}"
                trustStore="file:${amqps.ts}"
                trustStorePassword="${amqps.pwd}"/>
       </sslContext>
       

        <systemUsage>
            <systemUsage>
                <memoryUsage>
                    <memoryUsage limit="64 mb"/>
                </memoryUsage>
                <storeUsage>
                    <storeUsage limit="50 gb"/>
                </storeUsage>
                <tempUsage>
                    <tempUsage limit="1 gb"/>
                </tempUsage>
            </systemUsage>
        </systemUsage>

        <transportConnectors>
            <transportConnector name="openwire"
uri="tcp://0.0.0.0:61616?maximumConnections=1000"/>
           
            <transportConnector name="amqps"
uri="amqp+ssl://0.0.0.0:5671?transport.transformer=jms&amp;needClientAuth=false"/>
           
        </transportConnectors>
    </broker>

</beans>



Unfortunately when I remove the jaas plugin, the amqps connector works but
the openwire not, and when I put jaas plugin it's the reverse!!!


I saw on forum, I must use the jaasDualAuthenticationPlugin

I try this
<jaasDualAuthenticationPlugin configuration="karaf"
sslConfiguration="karaf-2"/>

But unfortunately it's the same behavior !!!
I let the ssl context configuration at the same place (activemq.xml)
and put this inside a xml file

<?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
           xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"
         
xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0">

   
    <ext:property-placeholder placeholder-prefix="$["
placeholder-suffix="]"/>

    <jaas:config name="karaf-2" rank="1">
      <jaas:module
className="org.apache.activemq.jaas.TextFileCertificateLoginModule"
flags="required">
        debug=true
       
org.apache.activemq.jaas.textfiledn.user="file:C:/Temp/dns.properties"
       
org.apache.activemq.jaas.textfiledn.group="file:C:/Temp/groups.properties"
      </jaas:module>
    </jaas:config>
   
   
    <jaas:keystore xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.1.0"
               name="ks"
               rank="2"
             
path="file:C:/xav/eaton/workspace/emc4j/emc4j-ipm/packaging/target/emc4j-ipm-1.60.2-SNAPSHOT/emc4j-ipm-1.60.2-SNAPSHOT/etc/emc4j.ks"
               keystorePassword="pwd"/>
               
    <jaas:keystore xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.1.0"
               name="ts"
               rank="2"
             
path="file:C:/xav/eaton/workspace/emc4j/emc4j-ipm/packaging/target/emc4j-ipm-1.60.2-SNAPSHOT/emc4j-ipm-1.60.2-SNAPSHOT/etc/emc4j.ts"
               keystorePassword="pwd"/>

</blueprint>


 I am lost, so any help will be appreciate.

Regards







--
Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html
Reply | Threaded
Open this post in threaded view
|

Re: jaasAuthenticationPlugin ans sslContext in karaf

Tim Bain
1. You referenced a forum post that told you how to do JAAS in this case;
can you please provide a link?

2. If you run a standalone broker without the JAAS plugin, do both
protocols work?  How about if you configure the standalone broker to use
JAAS directly rather than through Karaf? This sounds like it might be a
Karaf problem rather than an ActiveMQ problem, so let's try to diagnose
which side of the line it's on.

3. Have you posted this question to the Karaf mailing list and to
StackOverflow? If so, please provide links.

Tim

On Nov 20, 2017 6:28 AM, "MillieretXavier" <[hidden email]>
wrote:

> Hi all,
>
> I use activeMq 5.12.3 embedded in karaf.
> I would like two connectors, one for openwire, and one for amqps
> here my activemq.xml (configuration)
>
> <beans
>     xmlns="http://www.springframework.org/schema/beans"
>     xmlns:amq="http://activemq.apache.org/schema/core"
>     xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>     xsi:schemaLocation="http://www.springframework.org/schema/beans
> http://www.springframework.org/schema/beans/spring-beans-2.0.xsd
>   http://activemq.apache.org/schema/core
> http://activemq.apache.org/schema/core/activemq-core.xsd">
>
>     <broker xmlns="http://activemq.apache.org/schema/core"
>             brokerName="${broker-name}"
>             dataDirectory="${data}"
>             start="false"
>             populateJMSXUserID="true"
>             persistent="false">
>
>         <destinationPolicy>
>             <policyMap>
>                 <policyEntries>
>                     <policyEntry topic=">" producerFlowControl="true">
>                         <pendingMessageLimitStrategy>
>                             <constantPendingMessageLimitStrategy
> limit="1000"/>
>                         </pendingMessageLimitStrategy>
>                     </policyEntry>
>                     <policyEntry queue=">" producerFlowControl="true"
> memoryLimit="1mb">
>                     </policyEntry>
>                 </policyEntries>
>             </policyMap>
>         </destinationPolicy>
>
>         <managementContext>
>             <managementContext createConnector="false"/>
>         </managementContext>
>
>         <persistenceAdapter>
>             <kahaDB directory="${data}/kahadb"/>
>         </persistenceAdapter>
>
>
>         <plugins>
>             <jaasAuthenticationPlugin configuration="karaf"/>
>         </plugins>
>
>        <sslContext>
>             <sslContext
>                 keyStore="file:${amqps.ks}"
>                 keyStorePassword="${amqps.pwd}"
>                 trustStore="file:${amqps.ts}"
>                 trustStorePassword="${amqps.pwd}"/>
>        </sslContext>
>
>
>         <systemUsage>
>             <systemUsage>
>                 <memoryUsage>
>                     <memoryUsage limit="64 mb"/>
>                 </memoryUsage>
>                 <storeUsage>
>                     <storeUsage limit="50 gb"/>
>                 </storeUsage>
>                 <tempUsage>
>                     <tempUsage limit="1 gb"/>
>                 </tempUsage>
>             </systemUsage>
>         </systemUsage>
>
>         <transportConnectors>
>             <transportConnector name="openwire"
> uri="tcp://0.0.0.0:61616?maximumConnections=1000"/>
>
>             <transportConnector name="amqps"
> uri="amqp+ssl://0.0.0.0:5671?transport.transformer=jms&amp;
> needClientAuth=false"/>
>
>         </transportConnectors>
>     </broker>
>
> </beans>
>
>
>
> Unfortunately when I remove the jaas plugin, the amqps connector works but
> the openwire not, and when I put jaas plugin it's the reverse!!!
>
>
> I saw on forum, I must use the jaasDualAuthenticationPlugin
>
> I try this
> <jaasDualAuthenticationPlugin configuration="karaf"
> sslConfiguration="karaf-2"/>
>
> But unfortunately it's the same behavior !!!
> I let the ssl context configuration at the same place (activemq.xml)
> and put this inside a xml file
>
> <?xml version="1.0" encoding="UTF-8"?>
> <blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
>            xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0"
>
> xmlns:ext="http://aries.apache.org/blueprint/xmlns/blueprint-ext/v1.0.0">
>
>
>     <ext:property-placeholder placeholder-prefix="$["
> placeholder-suffix="]"/>
>
>     <jaas:config name="karaf-2" rank="1">
>       <jaas:module
> className="org.apache.activemq.jaas.TextFileCertificateLoginModule"
> flags="required">
>         debug=true
>
> org.apache.activemq.jaas.textfiledn.user="file:C:/Temp/dns.properties"
>
> org.apache.activemq.jaas.textfiledn.group="file:C:/Temp/groups.properties"
>       </jaas:module>
>     </jaas:config>
>
>
>     <jaas:keystore xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.1.0"
>                name="ks"
>                rank="2"
>
> path="file:C:/xav/eaton/workspace/emc4j/emc4j-ipm/
> packaging/target/emc4j-ipm-1.60.2-SNAPSHOT/emc4j-ipm-1.60.
> 2-SNAPSHOT/etc/emc4j.ks"
>                keystorePassword="pwd"/>
>
>     <jaas:keystore xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.1.0"
>                name="ts"
>                rank="2"
>
> path="file:C:/xav/eaton/workspace/emc4j/emc4j-ipm/
> packaging/target/emc4j-ipm-1.60.2-SNAPSHOT/emc4j-ipm-1.60.
> 2-SNAPSHOT/etc/emc4j.ts"
>                keystorePassword="pwd"/>
>
> </blueprint>
>
>
>  I am lost, so any help will be appreciate.
>
> Regards
>
>
>
>
>
>
>
> --
> Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-
> f2341805.html
>
Reply | Threaded
Open this post in threaded view
|

Re: jaasAuthenticationPlugin ans sslContext in karaf

MillieretXavier
Thx Tim,

So
1. I follow this link
http://docs.huihoo.com/fuse/esb/4.4/amq_security/Auth-JAAS-DualAuthentPlugin.html
perhaps I am wrong???
2. To add precision, I run karaf 3.0.7, and inside activemq 5.12.3.
My goal is perhaps stupid, having a openwire without ssl (because wait only
on localhost), and with amqp works with certificates, that all.
I follow theses links for activemq
https://access.redhat.com/documentation/en-US/Fuse_MQ_Enterprise/7.1/html/Security_Guide/files/SSL-SetSecurityContext.html
3. Not yet, but I will do asap.

If you see somethings, I will appreciate any helps

Regards
 



--
Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html
Reply | Threaded
Open this post in threaded view
|

Re: jaasAuthenticationPlugin ans sslContext in karaf

MillieretXavier
Hi all,

Anybody have an idea?



--
Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html
Reply | Threaded
Open this post in threaded view
|

Re: jaasAuthenticationPlugin ans sslContext in karaf

Tim Bain
In reply to this post by MillieretXavier
So are you trying to have cert-based authentication for AMQP and
password-based authentication for OpenWire? Or are you trying to have
cert-based
authentication for AMQP and no authentication for OpenWire?

Also, can you please post the error messages you get both with and without
the plugin enabled?

Tim

On Nov 20, 2017 7:37 AM, "MillieretXavier" <[hidden email]>
wrote:

> Thx Tim,
>
> So
> 1. I follow this link
> http://docs.huihoo.com/fuse/esb/4.4/amq_security/Auth-
> JAAS-DualAuthentPlugin.html
> perhaps I am wrong???
> 2. To add precision, I run karaf 3.0.7, and inside activemq 5.12.3.
> My goal is perhaps stupid, having a openwire without ssl (because wait only
> on localhost), and with amqp works with certificates, that all.
> I follow theses links for activemq
> https://access.redhat.com/documentation/en-US/Fuse_MQ_
> Enterprise/7.1/html/Security_Guide/files/SSL-SetSecurityContext.html
> 3. Not yet, but I will do asap.
>
> If you see somethings, I will appreciate any helps
>
> Regards
>
>
>
>
> --
> Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-
> f2341805.html
>
Reply | Threaded
Open this post in threaded view
|

Re: jaasAuthenticationPlugin ans sslContext in karaf

MillieretXavier
You right I try to have cert-based authentication for AMQP and password-based
authentication for OpenWire

Here my logs (DEBUG) just before a connection
I would like to clarify that without the plugin jaasAuthenticationPlugin,
it's works for a ssl connection.
Like, if I put the pulgin, the sslcontext in the activemq.xml is not take in
count????


2017-11-21 17:18:46,977 | DEBUG | Transport                        | 97  -
org.apache.activemq.activemq-osgi        - 5.12.3         | Transport
Connection to: tcp://xxx.xx.xxx.xx:51495 failed:
javax.net.ssl.SSLHandshakeException: Remote host closed connection during
handshake
javax.net.ssl.SSLHandshakeException: Remote host closed connection during
handshake
        at
sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:992)[:1.8.0_131]
        at
sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375)[:1.8.0_131]
        at
sun.security.ssl.SSLSocketImpl.readDataRecord(SSLSocketImpl.java:928)[:1.8.0_131]
        at
sun.security.ssl.AppInputStream.read(AppInputStream.java:105)[:1.8.0_131]
        at
org.apache.activemq.transport.tcp.TcpBufferedInputStream.fill(TcpBufferedInputStream.java:50)[97:org.apache.activemq.activemq-osgi:5.12.3]
        at
org.apache.activemq.transport.tcp.TcpTransport$2.fill(TcpTransport.java:609)[97:org.apache.activemq.activemq-osgi:5.12.3]
        at
org.apache.activemq.transport.tcp.TcpBufferedInputStream.readStream(TcpBufferedInputStream.java:72)[97:org.apache.activemq.activemq-osgi:5.12.3]
        at
org.apache.activemq.transport.tcp.TcpBufferedInputStream.read(TcpBufferedInputStream.java:92)[97:org.apache.activemq.activemq-osgi:5.12.3]
        at
org.apache.activemq.transport.tcp.TcpTransport$2.read(TcpTransport.java:599)[97:org.apache.activemq.activemq-osgi:5.12.3]
        at java.io.DataInputStream.readFully(DataInputStream.java:195)[:1.8.0_131]
        at
org.fusesource.hawtbuf.Buffer.readFrom(Buffer.java:412)[97:org.apache.activemq.activemq-osgi:5.12.3]
        at
org.apache.activemq.transport.amqp.AmqpWireFormat.unmarshal(AmqpWireFormat.java:102)[97:org.apache.activemq.activemq-osgi:5.12.3]
        at
org.apache.activemq.transport.tcp.TcpTransport.readCommand(TcpTransport.java:221)[97:org.apache.activemq.activemq-osgi:5.12.3]
        at
org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:213)[97:org.apache.activemq.activemq-osgi:5.12.3]
        at
org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:196)[97:org.apache.activemq.activemq-osgi:5.12.3]
        at java.lang.Thread.run(Thread.java:748)[:1.8.0_131]
Caused by: java.io.EOFException: SSL peer shut down incorrectly
        at sun.security.ssl.InputRecord.read(InputRecord.java:505)[:1.8.0_131]
        at
sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:973)[:1.8.0_131]
        ... 15 more
2017-11-21 17:18:46,981 | DEBUG | ManagementContext                | 97  -
org.apache.activemq.activemq-osgi        - 5.12.3         | Unregistering
MBean
org.apache.activemq:type=Broker,brokerName=amq-broker,connector=clientConnectors,connectorName=amqps,connectionViewType=remoteAddress,connectionName=tcp_//xxx.xx.xxx.xx_51495
2017-11-21 17:18:46,981 | DEBUG | TransportConnection              | 97  -
org.apache.activemq.activemq-osgi        - 5.12.3         | Stopping
connection: tcp://xxx.xx.xxx.xx:51495
2017-11-21 17:18:46,981 | DEBUG | TcpTransport                     | 97  -
org.apache.activemq.activemq-osgi        - 5.12.3         | Stopping
transport ssl:///xxx.xx.xxx.xx:51495
2017-11-21 17:18:46,982 | DEBUG | TaskRunnerFactory                | 97  -
org.apache.activemq.activemq-osgi        - 5.12.3         | Initialized
TaskRunnerFactory[ActiveMQ Task] using ExecutorService:
java.util.concurrent.ThreadPoolExecutor@1e9a61d3[Running, pool size = 0,
active threads = 0, queued tasks = 0, completed tasks = 0]
2017-11-21 17:18:46,983 | DEBUG | TcpTransport                     | 97  -
org.apache.activemq.activemq-osgi        - 5.12.3         | Closed socket
75b3d3e1[SSL_NULL_WITH_NULL_NULL:
Socket[addr=/xxx.xx.xxx.xx,port=51495,localport=5671]]
2017-11-21 17:18:46,983 | DEBUG | ThreadPoolUtils                  | 97  -
org.apache.activemq.activemq-osgi        - 5.12.3         | Forcing shutdown
of ExecutorService:
java.util.concurrent.ThreadPoolExecutor@1e9a61d3[Running, pool size = 1,
active threads = 1, queued tasks = 0, completed tasks = 0]
2017-11-21 17:18:46,983 | DEBUG | TransportConnection              | 97  -
org.apache.activemq.activemq-osgi        - 5.12.3         | Stopped
transport: tcp://xxx.xx.xxx.xx:51495
2017-11-21 17:18:46,987 | DEBUG | TransportConnection              | 97  -
org.apache.activemq.activemq-osgi        - 5.12.3         | Connection
Stopped: tcp://xxx.xx.xxx.xx:51495
2017-11-21 17:18:47,180 | DEBUG | AmqpAuthenticator                | 97  -
org.apache.activemq.activemq-osgi        - 5.12.3         | SASL [ANONYMOUS}
Handshake started.
2017-11-21 17:18:47,322 | DEBUG | AbstractInactivityMonitor        | 97  -
org.apache.activemq.activemq-osgi        - 5.12.3         | WriteChecker:
10021ms elapsed since last write check.
2017-11-21 17:18:47,322 | DEBUG | AbstractInactivityMonitor        | 97  -
org.apache.activemq.activemq-osgi        - 5.12.3         | WriteChecker:
10019ms elapsed since last write check.
2017-11-21 17:18:47,322 | DEBUG | AbstractInactivityMonitor        | 97  -
org.apache.activemq.activemq-osgi        - 5.12.3         | Running
WriteCheck[tcp://127.0.0.1:56742]
2017-11-21 17:18:47,322 | DEBUG | AbstractInactivityMonitor        | 97  -
org.apache.activemq.activemq-osgi        - 5.12.3         | Running
WriteCheck[tcp://127.0.0.1:61616]


Regards







--
Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html
Reply | Threaded
Open this post in threaded view
|

Re: jaasAuthenticationPlugin ans sslContext in karaf

MillieretXavier
In reply to this post by MillieretXavier
Hi Tim,

I have more explanation but not the solution!!!

I found this bug:
https://issues.jboss.org/browse/ENTMQ-1154

it's the same behavior for my point.
I use (for my test) only activemq 5.15.1 (the latest 5.15.2 zip file is
corrupt!) in standalone (without Karaf)
I reproduce the issue!
I use qpid messaging (latest) to try a connection with the broker.
without
<plugins><jaasDualAuthenticationPlugin
                configuration="activemq-domain"
                sslConfiguration="activemq-ssl-domain"/>
</plugins>

it's works, with this it's fail

Regards




--
Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html
Reply | Threaded
Open this post in threaded view
|

Re: jaasAuthenticationPlugin ans sslContext in karaf

MillieretXavier
In reply to this post by MillieretXavier
Hi all,

more precision.

For there is a bug when we use my configuration.
I used the latest activeMq 5.15.2

I put my netbeans in debug mode.
Inside the JaasCertificateAuthenticationBroker class, on addConnection the
info.getTransportContext() return null, will a X509Certificate[] is
expected. I assumed the transportContext inside the ConnectionInfo is not
filled ?  Why I don't know???
When I launch my activeMq I set -Djavax.net.debug=ssl,handshake so I saw all
ssl debug and all trusted cert are well see.

Here the stack trace

java.lang.SecurityException: Unable to authenticate transport without SSL
certificate.
        at
org.apache.activemq.security.JaasCertificateAuthenticationBroker.addConnection(JaasCertificateAuthenticationBroker.java:73)[activemq-broker-5.15.2.jar:5.15.2]
        at
org.apache.activemq.security.JaasDualAuthenticationBroker.addConnection(JaasDualAuthenticationBroker.java:92)[activemq-broker-5.15.2.jar:5.15.2]
        at
org.apache.activemq.broker.BrokerFilter.addConnection(BrokerFilter.java:99)[activemq-broker-5.15.2.jar:5.15.2]
        at
org.apache.activemq.broker.TransportConnection.processAddConnection(TransportConnection.java:843)[activemq-broker-5.15.2.jar:5.15.2]
        at
org.apache.activemq.broker.jmx.ManagedTransportConnection.processAddConnection(ManagedTransportConnection.java:77)[activemq-broker-5.15.2.jar:5.15.2]
        at
org.apache.activemq.command.ConnectionInfo.visit(ConnectionInfo.java:139)[activemq-client-5.15.2.jar:5.15.2]
        at
org.apache.activemq.broker.TransportConnection.service(TransportConnection.java:330)[activemq-broker-5.15.2.jar:5.15.2]
        at
org.apache.activemq.broker.TransportConnection$1.onCommand(TransportConnection.java:194)[activemq-broker-5.15.2.jar:5.15.2]
        at
org.apache.activemq.transport.TransportFilter.onCommand(TransportFilter.java:77)[activemq-client-5.15.2.jar:5.15.2]
        at
org.apache.activemq.transport.amqp.AmqpTransportFilter.sendToActiveMQ(AmqpTransportFilter.java:123)[activemq-amqp-5.15.2.jar:5.15.2]
        at
org.apache.activemq.transport.amqp.protocol.AmqpConnection.sendToActiveMQ(AmqpConnection.java:799)[activemq-amqp-5.15.2.jar:5.15.2]
        at
org.apache.activemq.transport.amqp.protocol.AmqpConnection.processConnectionOpen(AmqpConnection.java:470)[activemq-amqp-5.15.2.jar:5.15.2]
        at
org.apache.activemq.transport.amqp.protocol.AmqpConnection.processProtonEvents(AmqpConnection.java:402)[activemq-amqp-5.15.2.jar:5.15.2]
        at
org.apache.activemq.transport.amqp.protocol.AmqpConnection.onAMQPData(AmqpConnection.java:380)[activemq-amqp-5.15.2.jar:5.15.2]
        at
org.apache.activemq.transport.amqp.AmqpTransportFilter.onCommand(AmqpTransportFilter.java:107)[activemq-amqp-5.15.2.jar:5.15.2]
        at
org.apache.activemq.transport.TransportSupport.doConsume(TransportSupport.java:83)[activemq-client-5.15.2.jar:5.15.2]
        at
org.apache.activemq.transport.tcp.SslTransport.doConsume(SslTransport.java:108)[activemq-client-5.15.2.jar:5.15.2]
        at
org.apache.activemq.transport.tcp.TcpTransport.doRun(TcpTransport.java:233)[activemq-client-5.15.2.jar:5.15.2]
        at
org.apache.activemq.transport.tcp.TcpTransport.run(TcpTransport.java:215)[activemq-client-5.15.2.jar:5.15.2]
        at java.lang.Thread.run(Thread.java:748)[:1.8.0_131]
 WARN | Security Error occurred on connection to: tcp://xxx.xx.xx.xx:58173,
Unable to authenticate transport without SSL certificate.

But you see at the end tcp://....... normally ssl://  ????????

Regards





--
Sent from: http://activemq.2283324.n4.nabble.com/ActiveMQ-User-f2341805.html