Posted to users@activemq.apache.org by Boris Belov <bb...@gmail.com> on 2010/02/03 00:48:58 UTC

Configuring ActiveMQ Embedded Broker over HTTPS

Hello,

We are attempting to configure an embedded ActiveMQ broker over HTTPS and
failing to do so. Any attempt to start the broker results in a
jetty.ssl.password prompt.
After entering the password the following exception is generated.

2010-02-02 15:47:10.931::INFO:  jetty-6.1.11
2010-02-02 15:47:10.938::INFO:  Started SslSocketConnector@0.0.0.0:62010
INFO  - TransportConnector         - Connector
https://0.0.0.0:62010?trace=true Started
2010-02-02 15:47:10.939::WARN:  EXCEPTION 
javax.net.ssl.SSLException: No available certificate or key corresponds to
the SSL cipher suites which are enabled.
	at
com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(SSLServerSocketImpl.java:307)
	at
com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:253)
	at
org.mortbay.jetty.security.SslSocketConnector.accept(SslSocketConnector.java:172)
	at
org.mortbay.jetty.AbstractConnector$Acceptor.run(AbstractConnector.java:707)
	at
org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:488)
jetty.ssl.password : 


TCP and HTTP transports work just fine. Any help is appreciated.


Below are the configuration and code snippets.

- Jetty 6.1.11 started via the Maven Jetty plugin:

...
            <plugin>
                <groupId>org.mortbay.jetty</groupId>
                <artifactId>maven-jetty-plugin</artifactId>
                <version>${jetty.version}</version>
                <configuration>
                    <connectors>
                        <connector implementation="org.mortbay.jetty.nio.SelectChannelConnector">
                            <port>8082</port>
                        </connector>
                        <connector implementation="org.mortbay.jetty.security.SslSocketConnector">
                            <port>8443</port>
                            <keystore>${project.build.directory}/jetty-ssl.keystore</keystore>
                            <password>password</password>
                            <keyPassword>password</keyPassword>
                        </connector>
                    </connectors>
                    <webAppConfig>
                        <contextPath>....</contextPath>
                    </webAppConfig>
                </configuration>
            </plugin>

...

- The ActiveMQ broker is embedded within the webapp and started at runtime:
import java.io.FileInputStream;
import java.security.KeyStore;
import java.util.Map;
import javax.net.ssl.KeyManager;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import org.apache.activemq.broker.BrokerService;
import org.apache.activemq.broker.SslContext;

  ....
    @Override
    public void initialize(Map<String, Object> m) throws Exception {
        this.svc = new BrokerService();
        // Transport connector URIs are passed in as connector1, connector2, ...
        for (int i = 1;; i++) {
            String key = "connector" + i;
            if (!m.containsKey(key)) { break; }
            this.svc.addConnector((String) m.get(key));
        }
        initSSL();
        this.svc.start();
    }

    private void initSSL() throws Exception {
        TrustManager[] tms = getTrustManagers();
        KeyManager[] kms = getKeyManagers();

        SSLContext context = SSLContext.getInstance("SSL");
        context.init(kms, tms, null);

        // Register the context with the broker so its SSL transports use it.
        SslContext ctxt = new SslContext();
        ctxt.setSSLContext(context);
        SslContext.setCurrentSslContext(ctxt);
    }

    private TrustManager[] getTrustManagers() throws Exception {
        // First, get the default TrustManagerFactory.
        String alg = TrustManagerFactory.getDefaultAlgorithm();
        TrustManagerFactory tmFact = TrustManagerFactory.getInstance(alg);
        KeyStore ks = loadKeyStore();

        tmFact.init(ks);

        // And now get the TrustManagers.
        return tmFact.getTrustManagers();
    }

    private KeyManager[] getKeyManagers() throws Exception {
        // First, get the default KeyManagerFactory.
        String alg = KeyManagerFactory.getDefaultAlgorithm();
        KeyManagerFactory kmFact = KeyManagerFactory.getInstance(alg);
        KeyStore ks = loadKeyStore();

        // Now we initialise the KeyManagerFactory with this KeyStore;
        // the password here unlocks the private key entries.
        kmFact.init(ks, ssl_password.toCharArray());

        // And now get the KeyManagers.
        return kmFact.getKeyManagers();
    }

    // The same JKS file serves as both key store and trust store.
    private KeyStore loadKeyStore() throws Exception {
        FileInputStream fis = null;
        KeyStore ks = null;

        try {
            fis = new FileInputStream(ssl_path);
            ks = KeyStore.getInstance("jks");
            ks.load(fis, ssl_password.toCharArray());
        } finally {
            if (fis != null) { fis.close(); }
        }
        return ks;
    }

    private BrokerService svc;
    private static final String ssl_password = "password";
    private static final String ssl_path = "/var/com/company/keys/jetty.jks";


Thank you,
Boris.



-- 
View this message in context: http://old.nabble.com/Configuring-ActiveMQ-Embedded-Broker-over-HTTPS-tp27429414p27429414.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.


Re: Configuring ActiveMQ Embedded Broker over HTTPS

Posted by Bruce Snyder <br...@gmail.com>.
On Tue, Feb 2, 2010 at 4:48 PM, Boris Belov <bb...@gmail.com> wrote:
>
> Hello,
>
> We are attempting to configure embedded  ActiveMQ broker over https and
> failing to do so. Any attempt to start the broker results in
> jetty.ssl.password prompt.
> After entering the password the following exception is generated.
>
> 2010-02-02 15:47:10.931::INFO:  jetty-6.1.11
> 2010-02-02 15:47:10.938::INFO:  Started SslSocketConnector@0.0.0.0:62010
> INFO  - TransportConnector         - Connector
> https://0.0.0.0:62010?trace=true Started
> 2010-02-02 15:47:10.939::WARN:  EXCEPTION
> javax.net.ssl.SSLException: No available certificate or key corresponds to
> the SSL cipher suites which are enabled.
>        at
> com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.checkEnabledSuites(SSLServerSocketImpl.java:307)
>        at
> com.sun.net.ssl.internal.ssl.SSLServerSocketImpl.accept(SSLServerSocketImpl.java:253)
>        at
> org.mortbay.jetty.security.SslSocketConnector.accept(SslSocketConnector.java:172)
>        at
> org.mortbay.jetty.AbstractConnector$Acceptor.run(AbstractConnector.java:707)
>        at
> org.mortbay.thread.QueuedThreadPool$PoolThread.run(QueuedThreadPool.java:488)
> jetty.ssl.password :

Have you imported the CA certs into the correct keystore? I've
experienced this problem myself in the past. Also make sure that the
private key is in the keystore, not just the public key.

Also, take a look at the instructions here:

http://activemq.apache.org/how-do-i-use-ssl.html

When I've had problems in the past with SSL, reading through these has helped.

Bruce
-- 
perl -e 'print unpack("u30","D0G)U8V4\@4VYY9&5R\"F)R=6-E+G-N>61E<D\!G;6%I;\"YC;VT*"
);'

ActiveMQ in Action: http://bit.ly/2je6cQ
Blog: http://bruceblog.org/
Twitter: http://twitter.com/brucesnyder
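One way to verify Bruce's two checks against the keystore Boris loads, as an added example that is not code from the thread: it lists which aliases are private-key entries versus trusted-certificate entries, then asks the KeyManager for a server alias the way the JSSE does when validating the enabled cipher suites. The path and password default to the values in Boris's snippet and are assumptions, not a real deployment.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.util.Enumeration;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.X509KeyManager;

/** Reports whether a JKS keystore can actually terminate TLS: it needs a
 *  PrivateKeyEntry, not only trustedCertEntry items (certificates alone). */
public class KeyStoreCheck {

    /** Returns the alias the KeyManager would use for RSA suites, or null. */
    public static String serverAliasFor(KeyStore ks, char[] password) throws Exception {
        KeyManagerFactory kmf =
                KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        X509KeyManager km = (X509KeyManager) kmf.getKeyManagers()[0];
        // This is the question checkEnabledSuites asks per enabled suite;
        // a null answer for every key type yields the SSLException seen above.
        return km.chooseServerAlias("RSA", null, null);
    }

    public static void main(String[] args) throws Exception {
        // Assumed defaults, copied from the thread; override on the command line.
        String path = args.length > 0 ? args[0] : "/var/com/company/keys/jetty.jks";
        char[] password = (args.length > 1 ? args[1] : "password").toCharArray();

        KeyStore ks = KeyStore.getInstance("jks");
        try (InputStream in = new FileInputStream(path)) {
            ks.load(in, password);
        }

        int keyEntries = 0;
        for (Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
            String alias = e.nextElement();
            if (ks.isKeyEntry(alias)) {
                keyEntries++;
                System.out.println("PrivateKeyEntry : " + alias);
            } else if (ks.isCertificateEntry(alias)) {
                // Only a public certificate: usable for trusting a peer,
                // useless for presenting the server's own identity.
                System.out.println("trustedCertEntry: " + alias);
            }
        }

        String alias = serverAliasFor(ks, password);
        System.out.println(keyEntries + " private-key entries; RSA server alias: " + alias);
        if (alias == null) {
            System.out.println("No usable server key: the SslSocketConnector will fail with "
                    + "'No available certificate or key corresponds to the SSL cipher suites'.");
        }
    }
}
```

Run it with `java KeyStoreCheck <keystore> <password>`; if the keystore was built only from `keytool -importcert` of the CA and server certificates, every alias shows as trustedCertEntry and the alias is null, which matches Bruce's diagnosis.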