You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@activemq.apache.org by BlueRHBA <ja...@wipro.com> on 2008/12/05 08:50:39 UTC

Problem with SSL configuration

Hello,

[Sorry for the long post]

I am trying to set up "ssl" on top of ActiveMQ. I have followed the
following procedure for configuring the same:

1. Generated the Certificate Authority(CA) using Openssl.
    C:\ssl>openssl genrsa -des3 -out keys/ca.key 1024
    C:\ssl>openssl req  -new -x509 -days 1001 -key keys/ca.key -out
certs/ca.cer

2. Generated the .keystore file using Keytool.
    keytool -genkey –alias tomcat –keyalg RSA

3. Generated the truststore file using the following command.
    keytool -import -v -keystore server.truststore -storepass 123456 -file
ca.cer

4. Copied the server.truststore file to the tomcat conf directory. 

5. Modified the conf/server.xml file as follows - Uncomment the “SSL
HTTP/1.1 Connector”

<Connector port="8443" minSpareThreads="5" maxSpareThreads="75"
enableLookups="true" disableUploadTimeout="true" acceptCount="100"
maxThreads="200" scheme="https" secure="true" SSLEnabled="true"
keystoreFile="${user.home}/.keystore" keystorePass=<keystore password>
SSLCertificateFile="C:\ssl\certs\ca.cer" clientAuth="false"
sslProtocol="TLS" /> 

Where,
	keystorePass: This is the password that was given while generating the
.keystore using keytool.
	SSLCertificatefile: This is the location of the certificate file.

And, commented the HTTP/1.1 Connector.

6. Changed the channel from "my-amf" to "my-secure-amf" in
flex/WEB-INF/remoting-config.xml.

7. Changed the channel from "my-polling-amf" to "my-secure-polling-amf" in
flex/WEB-INF/messaging-config.xml

8. Changed the channel ref from "my-amf" to "my-secure-amf" and destination
from "DefaultHTTP" to "DefaultHTTPS" in the flex/WEB-INF/proxy-config.xml

And the definitions of the "my-secure-amf" and "my-secure-polling-amf" are
as follows,

<channel-definition id="my-secure-amf"
class="mx.messaging.channels.SecureAMFChannel">
            <endpoint
url="https://{server.name}:{server.port}/{context.root}/messagebroker/amfsecure"
class="flex.messaging.endpoints.SecureAMFEndpoint"/>
            <properties>
                <add-no-cache-headers>false</add-no-cache-headers>
            </properties>
        </channel-definition>

<channel-definition id="my-secure-polling-amf"
class="mx.messaging.channels.SecureAMFChannel">
            <endpoint
url="https://{server.name}:{server.port}/{context.root}/messagebroker/amfsecurepolling"
class="flex.messaging.endpoints.SecureAMFEndpoint"/>
            <properties>
                <polling-enabled>true</polling-enabled>
                <polling-interval-seconds>4</polling-interval-seconds>
            </properties>
        </channel-definition>

But, when I am running my flex application, the remoting over secure channel
is working fine, but the messaging service is not.

It is throwing "Consumer Subscribe Error".

Please provide help in configuring the same as soon as possible. And do let
me know that whether I am missing something in the configuration procedure.

Thanks
-- 
View this message in context: http://www.nabble.com/Problem-with-SSL-configuration-tp20849176p20849176.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.