You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@activemq.apache.org by "Justin Bertram (Jira)" <ji...@apache.org> on 2021/10/25 16:54:00 UTC
[jira] [Resolved] (ARTEMIS-3053) Log Subject Name of expired client
certificates
[ https://issues.apache.org/jira/browse/ARTEMIS-3053?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Justin Bertram resolved ARTEMIS-3053.
-------------------------------------
Resolution: Won't Do
I've looked into this and I don't see a way to get the client's certificate information in the {{exceptionCaught}} method of the {{org.apache.activemq.artemis.core.remoting.impl.netty.NettyAcceptor.SslHandshakeExceptionHandler}} which handles this exception. Feel free to re-open if you have other ideas.
> Log Subject Name of expired client certificates
> -----------------------------------------------
>
> Key: ARTEMIS-3053
> URL: https://issues.apache.org/jira/browse/ARTEMIS-3053
> Project: ActiveMQ Artemis
> Issue Type: Improvement
> Components: AMQP, Broker
> Affects Versions: 2.16.0
> Reporter: Sebastian T
> Priority: Minor
>
> We are using client authentication with our large central cloud broker instance and are seeing CertificateExpiredExceptions in the logs:
> {{AMQ222208: SSL handshake failed for client from /x.x.x.x:59484: java.security.cert.CertificateExpiredException: NotAfter: Wed Sep 23 15:00:00 CEST 2020.}}
> It would be very helpful if the client certificate subject DN could be logged too so we can figure out which client apps causing this.
> The reported IP address is not helpful as the client apps are running elastic K8s/cloud foundry clusters.
>
> Logging happens here [https://github.com/apache/activemq-artemis/blob/bfca1c59de57168afec045dd5b889c759b3e58a1/artemis-server/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/NettyAcceptor.java#L1012]
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)