You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@activemq.apache.org by Marc Ende <ml...@e-beyond.de> on 2010/01/02 12:19:05 UTC

Client Certificate not sent in activemq 5.3.0

Hi,

I've tried to set up a bridge between two brokers. 
It works when having no encryption (ssl) and with encryption.
But when I have encryption with certificate-based authentication
it doesn't.

I always receive an bad_certificate alert from the server.

Within the handshake everything works fine until the server sends
the Certificate Request. But there is no point where it finds the certificate
in the specified keystore. That means there is no "matching alias: XXXX".

Even the send bytes doesn't look like that there is send a certificate
because it's too small.

It looks like the issue AMQ-1381 or AMQ-1330 but
these should be fixed since 5.1.0. (I'm using 5.3.0).

Does anybody has such configuration running or does anyone has an idea?

Thanks for your help (and a happy new year).

Marc

Re: Client Certificate not sent in activemq 5.3.0

Posted by James Casey <ja...@gmail.com>.

Hi Marc,

We have this configuration working (SSL between brokers with
certificate based authentication and client certificate checking) - it
relied on AMQ-2474
(<https://issues.apache.org/activemq/browse/AMQ-2474>) being fixed,
which looks like it's in 5.3.1 (We're using Fuse 5.3.0.5 and it works
fine.)

cheers,

James.
--
2010/1/2 Marc Ende <ml...@e-beyond.de>:
> Hi,
>
> I've tried to set up a bridge between two brokers.
> It works when having no encryption (ssl) and with encryption.
> But when I have encryption with certificate-based authentication
> it doesn't.
>
> I always receive an bad_certificate alert from the server.
>
> Within the handshake everything works fine until the server sends
> the Certificate Request. But there is no point where it finds the certificate
> in the specified keystore. That means there is no "matching alias: XXXX".
>
> Even the send bytes doesn't look like that there is send a certificate
> because it's too small.
>
> It looks like the issue AMQ-1381 or AMQ-1330 but
> these should be fixed since 5.1.0. (I'm using 5.3.0).
>
> Does anybody has such configuration running or does anyone has an idea?
>
> Thanks for your help (and a happy new year).
>
> Marc
>