Posted to users@qpid.apache.org by Marcello <mf...@euro-finance-systems.fr> on 2012/11/08 12:48:47 UTC

Re: QPid 0.18 C++/C# - client-side certificate authentication - QpidException

Hi Jakub

I would like to inform you that we applied the FIRST patch attached to JIRA
QPID-3914, the file sel-client-authentication.patch. Client-side
certificate authentication is now possible in many cases, but we continue to
have some issues.
(NB: We have not applied the second patch file
ssl-client-auth-filecert.patch)

The patch has been applied to the QPid C++ 0.18 source-code downloaded from
the Apache website.

I have registered my private certificate in the “My” system store either for
the current user (the user logged onto the machine) or for the local
machine, via the MMC console. Be sure that the certificate is good and it
includes my private key.

Our application is a .Net Windows service, to reference our certificate in
our application we use this code sample: connection.SetOption("username",
"<our account Id>");

When I run the Windows service as the user for whom I registered the
certificate, the certificate is correctly loaded; however, the
certificate is not loaded when I run the service as the user “LocalSystem”
(the default user we use to run our Windows services). The error "Impossible
to find object or property" is then raised from the Qpid module when it
calls the procedure CertFindCertificateInStore (this call exists since you
applied the first patch attached to JIRA QPID-3914). I point out that the
“My” store instead continues to be accessible.

I used either the MMC console or the winhttpcertcfg.exe system tool in
order to verify that the “LocalSystem” user has the rights to access my
certificate. Afterwards both the MMC console and the winhttpcertcfg.exe
tool confirm that THEORETICALLY the user “LocalSystem” has the rights to
access the certificate.

Do you have any suggestion to help me solve this problem? Maybe I have to
apply the second patch ssl-client-auth-filecert.patch attached to JIRA
QPID-3914 and use in my service the certificate physical files instead of the
certificate system store?

Thank you in advance.



--
View this message in context: http://qpid.2158936.n2.nabble.com/QPid-0-18-C-C-client-side-certificate-authentication-QpidException-tp7583696p7584446.html
Sent from the Apache Qpid users mailing list archive at Nabble.com.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org


Re: QPid 0.18 C++/C# - client-side certificate authentication - QpidException

Posted by Jakub Scholz <ja...@scholz.cz>.
Hi Marcello,

Sorry, I meant another store. One more idea ... since you used the
ssl-client-auth-filecert.patch version of the patch, you should be able to
point the application to the certificates stored in files. Have you tried
whether that helps to solve the problem?

Regards
Jakub


On Thu, Nov 8, 2012 at 1:58 PM, Marcello <mf...@euro-finance-systems.fr> wrote:

> Thank you Jakub
>
> I ask you just to complete the option a).
>
> a) load the certificate into another .... account? or store?
>
> Best regards
> Marcello

Re: QPid 0.18 C++/C# - client-side certificate authentication - QpidException

Posted by Marcello <mf...@euro-finance-systems.fr>.
Thank you Jakub

I ask you just to complete the option a).

a) load the certificate into another .... account? or store?

Best regards
Marcello





Re: QPid 0.18 C++/C# - client-side certificate authentication - QpidException

Posted by Jakub Scholz <ja...@scholz.cz>.
Hi Marcello,

Honestly, I'm not really a Windows developer - when working on the patch,
the certificate system on Windows seemed to me incredibly chaotic -
especially compared to Java or to the Qpid C++ client on Linux :-(. I also
experienced some issues with finding the proper certificate store.

I would assume that if you run the service under user LocalSystem it has
its own "MY" store. So although it may have access to the "MY" store of the
other user, the store would need to be identified differently. I can try to
investigate it a bit more once I find some free time. In the meantime, you
can try to a) load the certificate into another or b) try to make your
application search for the certificates in another store (there is a
connection option ssl-cert-store which can be used to point the application
to different stores).

Regards
Jakub


On Thu, Nov 8, 2012 at 12:48 PM, Marcello <mf...@euro-finance-systems.fr> wrote:

> Hi Jakub
>
> I would like to inform you that we applied the FIRST patch attached to JIRA
> QPID-3914, the file sel-client-authentication.patch. Client-side
> certificate authentication is now possible in many cases, but we continue
> to have some issues.
> (NB: We have not applied the second patch file
> ssl-client-auth-filecert.patch)
>
> The patch has been applied to the QPid C++ 0.18 source-code downloaded from
> the Apache website.
>
> I have registered my private certificate in the “My” system store either
> for the current user (the user logged onto the machine) or for the local
> machine, via the MMC console. Be sure that the certificate is good and it
> includes my private key.
>
> Our application is a .Net Windows service, to reference our certificate in
> our application we use this code sample: connection.SetOption("username",
> "<our account Id>");
>
> When I run the Windows service as the user for whom I registered the
> certificate, the certificate is correctly loaded; however, the
> certificate is not loaded when I run the service as the user “LocalSystem”
> (the default user we use to run our Windows services). The error
> "Impossible to find object or property" is then raised from the Qpid
> module when it calls the procedure CertFindCertificateInStore (this call
> exists since you applied the first patch attached to JIRA QPID-3914). I
> point out that the “My” store instead continues to be accessible.
>
> I used either the MMC console or the winhttpcertcfg.exe system tool in
> order to verify that the “LocalSystem” user has the rights to access my
> certificate. Afterwards both the MMC console and the winhttpcertcfg.exe
> tool confirm that THEORETICALLY the user “LocalSystem” has the rights to
> access the certificate.
>
> Do you have any suggestion to help me solve this problem? Maybe I have
> to apply the second patch ssl-client-auth-filecert.patch attached to JIRA
> QPID-3914 and use in my service the certificate physical files instead of
> the certificate system store?
>
> Thank you in advance.
>
>
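
Added example (not part of the thread and not Qpid code): a PowerShell check, run under the same account as the service, that reports which "My" system stores that account can open and whether a matching certificate there has a private key associated. The function name Find-ClientCertificate and the subject text 'example-client-cn' are hypothetical placeholders.

```powershell
# Added diagnostic example; run it under the account the service runs as,
# because the CurrentUser store is resolved per account.
function Find-ClientCertificate {
    param(
        [Parameter(Mandatory)] [string] $SubjectName,  # placeholder subject text
        [string] $StoreName = 'My'
    )
    $x509 = 'System.Security.Cryptography.X509Certificates'
    $account = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name

    foreach ($location in 'CurrentUser', 'LocalMachine') {
        $row = [ordered]@{
            Account = $account; Location = $location; Store = $StoreName
            Thumbprint = $null; NotAfter = $null; Result = $null
        }
        $store = New-Object "$x509.X509Store" ($StoreName, $location)
        try {
            # OpenExistingOnly: fail instead of silently creating an empty store.
            $store.Open([System.Security.Cryptography.X509Certificates.OpenFlags]'ReadOnly, OpenExistingOnly')
            # $false: also return expired or untrusted certificates.
            $found = $store.Certificates.Find(
                [System.Security.Cryptography.X509Certificates.X509FindType]::FindBySubjectName,
                $SubjectName, $false)
            if ($found.Count -eq 0) {
                $row.Result = 'not found'
                [pscustomobject]$row
            }
            foreach ($cert in $found) {
                $row.Thumbprint = $cert.Thumbprint
                $row.NotAfter = $cert.NotAfter
                # HasPrivateKey only says a key is associated with the certificate;
                # the ACL on the key itself is a separate check.
                $row.Result = if ($cert.HasPrivateKey) { 'private key associated' }
                              else { 'no private key' }
                [pscustomobject]$row
            }
        }
        catch {
            $row.Result = "cannot open store: $($_.Exception.Message)"
            [pscustomobject]$row
        }
        finally { $store.Close() }
    }
}

Find-ClientCertificate -SubjectName 'example-client-cn' | Format-Table -AutoSize
```

Comparing the output from the interactive user with the output from the service account shows whether the certificate is present only in one account's CurrentUser store or also in LocalMachine.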