Posted to users@activemq.apache.org by "Dondorp, Erwin" <er...@cgi.com> on 2021/04/18 15:49:45 UTC

downstream federation and ssl in artemis

Hello!

I'm struggling with the use of SSL in my pair of brokers that are connected using the federation mechanism from Artemis.
Clients can successfully connect to either broker using ssl; and the federation setup also works using non-ssl.
And it also works for upstream traffic using ssl, but so far not for downstream traffic using ssl.

--> The quick question: has anyone successfully used downstream federation with ssl?

Here are some more details that I already have...
In my case, broker A sets up the federation connections, for both upstream and downstream.
But broker B complains about "AMQ214016: Failed to create netty connection: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target" ... "Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target" ... "Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"
I did provide the location of the truststore on both A and B, and I know that A first sends a callback url to B, so that B can connect back to A. And therefore the truststore on B is also important.
So, I am quite sure it should be working. Any "yes" answer on the above question may help to decide whether this can be done, or that I'm hitting a bug.

Thx!
e.

Re: downstream federation and ssl in artemis

Posted by Gary Tully <ga...@gmail.com>.
I think it should work; the TLS configuration is independent. The
callback is the "name" of the connector/locator.
I guess if you can narrow it down a little, and maybe generate logging
with system property -Djavax.net.debug=all, it may be clear what is
going wrong.

On Sun, 18 Apr 2021 at 16:49, Dondorp, Erwin <er...@cgi.com> wrote:
>
> Hello!
>
> I'm struggling with the use of SSL in my pair of brokers that are connected using the federation mechanism from Artemis.
> Clients can successfully connect to either broker using ssl; and the federation setup also works using non-ssl.
> And it also works for upstream traffic using ssl, but so far not for downstream traffic using ssl.
>
> --> The quick question: has anyone successfully used downstream federation with ssl?
>
> Here are some more details that I already have...
> In my case, broker A sets up the federation connections, for both upstream and downstream.
> But broker B complains about "AMQ214016: Failed to create netty connection: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target" ... "Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target" ... "Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target"
> I did provide the location of the truststore on both A and B, and I know that A first sends a callback url to B, so that B can connect back to A. And therefore the truststore on B is also important.
> So, I am quite sure it should be working. Any "yes" answer on the above question may help to decide whether this can be done, or that I'm hitting a bug.
>
> Thx!
> e.
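
An added illustration, not part of either post and not Artemis code: it reproduces offline, with openssl and throwaway certificates, the trust check behind the PKIX error for the callback direction described in the original post. PEM bundles stand in for the Java truststores, and the case where B's truststore lacks A's issuer is constructed for the demo, not a diagnosis of the poster's setup.

```shell
#!/bin/sh
# Added example: every CA, certificate and file name here is constructed.
# PEM bundles stand in for the brokers' Java truststores.
WORK=$(mktemp -d)

make_ca() {      # $1 = CA name; creates a self-signed root
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -subj "/CN=$1" \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

issue_cert() {   # $1 = issuing CA, $2 = broker name
  openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null &&
  openssl x509 -req -in "$WORK/$2.csr" -days 2 -CAcreateserial \
    -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" -out "$WORK/$2.pem" 2>/dev/null
}

# The check the connecting side performs: does the peer's certificate chain
# to an anchor in MY truststore? A non-zero status is the PKIX failure case.
trusts() {       # $1 = truststore bundle, $2 = peer certificate
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

setup_demo() {
  make_ca ca-a && make_ca ca-b &&
  issue_cert ca-a broker-a && issue_cert ca-b broker-b &&
  # A trusts both issuers; B (constructed mistake) trusts only its own.
  cat "$WORK/ca-a.pem" "$WORK/ca-b.pem" > "$WORK/truststore-a.pem" &&
  cat "$WORK/ca-b.pem" > "$WORK/truststore-b.pem"
}

report() {       # $1 = label, $2 = truststore, $3 = peer certificate
  if trusts "$2" "$3"; then echo "$1: certificate path validates"
  else echo "$1: PKIX path building fails"; fi
}

setup_demo
# Upstream: A is the TLS client and validates B's certificate.
report "upstream (A connects to B)" "$WORK/truststore-a.pem" "$WORK/broker-b.pem"
# Downstream: B connects back to A, so B's truststore must cover A's issuer.
report "downstream (B calls back A)" "$WORK/truststore-b.pem" "$WORK/broker-a.pem"
cat "$WORK/ca-a.pem" >> "$WORK/truststore-b.pem"   # fix: add A's issuer on B
report "downstream after fix" "$WORK/truststore-b.pem" "$WORK/broker-a.pem"
```

On real brokers the same question is answered by listing B's truststore with `keytool -list -v` and comparing its entries with the issuer of the certificate that A's acceptor presents.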