Posted to users@qpid.apache.org by jeunii <ij...@gmail.com> on 2017/05/10 17:52:31 UTC

Qpid config for certificate giving ERROR.

I have a keystore file that works well. I have tested it using the below
command ::

root@server # java -Djavax.net.ssl.trustStore=/tmp/apache-servicemix-7.0.0/deploy/qpid.jks SSLPoke esesslx0ghk.se 9443
*Successfully connected*

Now that I am certain that my keystore file works fine, I am going to use it
in my Qpid config that is deployed over ServiceMix.

My config is as follows ::

  <bean id="amqp" class="org.apache.camel.component.amqp.AMQPComponent">
    <property name="connectionFactory">
       <bean class="org.apache.qpid.jms.JmsConnectionFactory">
         <property name="remoteURI"
value="amqps://esesslx0ghk.se:9443?transport.keyStoreLocation=/tmp/apache-servicemix-7.0.0/deploy/qpid.jks&amp;transport.keyStorePassword=test123"
/>
       </bean>
    </property>
  </bean>
 
But when I run my application, I get the ERROR ::

2017-05-10 17:30:02,591 | ERROR | mer[CSDP_output] | JmsConnectionFactory             | 226 - qpid-jms-client.jar - 0.0.0 | Failed to create JMS Provider instance for: amqps
2017-05-10 17:30:02,619 | ERROR | mer[CSDP_output] | faultJmsMessageListenerContainer | 155 - org.apache.servicemix.bundles.spring-jms - 3.2.17.RELEASE_1 | Could not refresh JMS Connection for destination 'CSDP_output' - retrying in 5000 ms. Cause: Failed to create connection to: amqps://esesslx0ghk.se:9443?transport.keyStoreLocation=%252Ftmp%252Fapache-servicemix-7.0.0%252Fdeploy%252Fqpidd.jks&transport.keyStorePassword=test123; nested exception is javax.net.ssl.SSLHandshakeException: General SSLEngine problem
javax.jms.JMSException: Failed to create connection to: amqps://esesslx0ghk.se:9443?transport.keyStoreLocation=%252Ftmp%252Fapache-servicemix-7.0.0%252Fdeploy%252Fqpidd.jks&transport.keyStorePassword=test123

Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
	at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1478)[:1.8.0_121]
	at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535)[:1.8.0_121]
	at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813)[:1.8.0_121]
	at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781)[:1.8.0_121]
	at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)[:1.8.0_121]

Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:387)[:1.8.0_121]
	at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:292)[:1.8.0_121]
	at sun.security.validator.Validator.validate(Validator.java:260)[:1.8.0_121]
	at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324)[:1.8.0_121]
	at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281)[:1.8.0_121]
	at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136)[:1.8.0_121]
	at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1501)[:1.8.0_121]
	... 21 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
	at sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)[:1.8.0_121]
	at sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)[:1.8.0_121]


Now on one hand I am 100% sure that the keystore file I have is correct and
its path is properly configured. But the application is not able to pick it
up. Is there something wrong with this line?

<property name="remoteURI"
value="amqps://esesslx0ghk.se:9443?transport.keyStoreLocation=/tmp/apache-servicemix-7.0.0/deploy/qpidd.jks&amp;transport.keyStorePassword=test123"
/>



--
View this message in context: http://qpid.2158936.n2.nabble.com/Qpid-config-for-certificate-giving-ERROR-tp7663024.html
Sent from the Apache Qpid users mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org


Re: Qpid config for certificate giving ERROR.

Posted by Robbie Gemmell <ro...@gmail.com>.
On 10 May 2017 at 18:52, jeunii <ij...@gmail.com> wrote:
> Now on one hand I am 100% sure that the keystore file I have is correct and
> its path is properly configured. But the application is not able to pick it
> up. Is there something wrong with this line ?
>
> <property name="remoteURI"
> value="amqps://esesslx0ghk.se:9443?transport.keyStoreLocation=/tmp/apache-servicemix-7.0.0/deploy/qpidd.jks&amp;transport.keyStorePassword=test123"
> />
>

Probably. You are specifying a key store location, when you likely
want to be specifying a trust store location instead.

The stacktrace is indicating the client/jvm is unable to validate
trust of the certificate presented by the server (not that it can't
find the store you are configuring) because it can't establish a
certification path/chain for it. This is presumably because there
isn't one, since you are specifying a keyStoreLocation in the JMS
client URI, rather than a trustStoreLocation as would be equivalent to
what you did in the other test.

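
Added example (not part of the original thread and not Qpid or ServiceMix code): a JDK-only check of which TLS role a JKS file can fill, illustrating the distinction the reply draws between a key store (the client's own private key) and a trust store (certificates used to validate the server). The class name StoreRoleCheck is hypothetical; in the qpid-jms client URI the trust store options are transport.trustStoreLocation and transport.trustStorePassword.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Added example; StoreRoleCheck is a hypothetical name, not Qpid or ServiceMix code.
// Usage: java StoreRoleCheck /path/to/store.jks <store-password>
public class StoreRoleCheck {
    public static void main(String[] args) throws Exception {
        if (args.length != 2) {
            System.err.println("usage: java StoreRoleCheck <store.jks> <password>");
            System.exit(2);
        }
        KeyStore store = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[0])) {
            // A wrong password or a corrupt file surfaces here as an IOException.
            store.load(in, args[1].toCharArray());
        }
        int trustAnchors = 0;
        int privateKeys = 0;
        for (String alias : Collections.list(store.aliases())) {
            if (store.isCertificateEntry(alias)) {
                // Trusted certificate entry: an issuer the client will accept.
                trustAnchors++;
                Certificate cert = store.getCertificate(alias);
                String subject = cert instanceof X509Certificate
                        ? ((X509Certificate) cert).getSubjectX500Principal().getName()
                        : cert.getType();
                System.out.println("trusted cert " + alias + ": " + subject);
            } else if (store.isKeyEntry(alias)) {
                // Key entry: the client's own identity, used for client-certificate auth.
                privateKeys++;
                System.out.println("private key  " + alias);
            }
        }
        System.out.println("usable as trust store (validates the server): " + (trustAnchors > 0));
        System.out.println("usable as key store (client certificate):     " + (privateKeys > 0));
        if (trustAnchors > 0 && privateKeys == 0) {
            System.out.println("This file holds only trust anchors; configure it as the trust store. "
                    + "A key store is never consulted when validating the server's certificate.");
        }
    }
}
```

A file that passes the -Djavax.net.ssl.trustStore test but reports no private keys here belongs in the trust store setting, which matches the PKIX path building failure seen when it is supplied as a key store.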