Re: SSL certificates not being sent in C# listener connection

[wolfie <sh...@za.go2uti.com>]

Hi, Original Poster here again.

No easy solution yet. Only solution I've had suggested to me that might work
is creating our own local ActiveMQ queue, redirecting our sender and
listener applications to that local queue (avoiding SSL at this pornt) and
building a Java bridge application to pick things up off our local queue to
send to the other company's queue and returning messages from their queue to
ours, using SSL in that bridge application. 

I'm not too happy with it, since it's two more moving parts that can break,
but this is too urgent to mess around with anymore. I'm going to be spending
to day trying to learn enough Java to code this. Will let you know if it
solves my problem.



--
View this message in context: http://activemq.2283324.n4.nabble.com/SSL-certificates-not-being-sent-in-C-listener-connection-tp3954853p3962539.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.

Re: SSL certificates not being sent in C# listener connection

[Timothy Bish <ta...@gmail.com>]

On Mon, 2011-12-05 at 21:31 -0800, wolfie wrote:
> Hi Original Poster again. 
> 
> Properly solved it this time. The local queue and Java bridge was a
> nightmare short term solution, but it bought me the time to try other stuff
> to get it working properly.
> 
> 1) Export the server certificate as base 64 encoded X.509 CER, private keys
> not included (assume for this example we called the certificate test.cer).
> 
> 2) Include this certificate file in the applications directory, i.e. the
> same folder as the exe file. (I think that it has to be the bin dir for VB
> apps?).
> 
> 3) Use this modifier on the end of the connection ssl url:
> ?transport.clientcertfilename=test.cer
> 
> NOTE: I can't seem to get this working for a windows service, only a windows
> forms application. I think it has something to do with the windows service's
> working directory not being its own directory but rather the window/System32
> dir. I converted my windows service to a windows forms app. Less discrete,
> but actually functional with SSL.
> 

Did you try setting the filename for the client to cert to the full path
of some well known location on the machine?  

Regards

-- 
Tim Bish
------------
FuseSource
Email: tim.bish@fusesource.com
Web: http://fusesource.com
Twitter: tabish121
Blog: http://timbish.blogspot.com/

Re: SSL certificates not being sent in C# listener connection

[wolfie <sh...@za.go2uti.com>]

Hi Original Poster again. 

Properly solved it this time. The local queue and Java bridge was a
nightmare short term solution, but it bought me the time to try other stuff
to get it working properly.

1) Export the server certificate as base 64 encoded X.509 CER, private keys
not included (assume for this example we called the certificate test.cer).

2) Include this certificate file in the applications directory, i.e. the
same folder as the exe file. (I think that it has to be the bin dir for VB
apps?).

3) Use this modifier on the end of the connection ssl url:
?transport.clientcertfilename=test.cer

NOTE: I can't seem to get this working for a windows service, only a windows
forms application. I think it has something to do with the windows service's
working directory not being its own directory but rather the window/System32
dir. I converted my windows service to a windows forms app. Less discrete,
but actually functional with SSL.

--
View this message in context: http://activemq.2283324.n4.nabble.com/SSL-certificates-not-being-sent-in-C-listener-connection-tp3954853p4163549.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.

Re: SSL certificates not being sent in C# listener connection

[wolfie <sh...@za.go2uti.com>]

Original Poster again. Solved it (sort of).

We are now running our own internal queue and I wrote a bridging application
in Java to make the SSL handshake. It takes messages of our own internal
queue and forwards them onto the other company's queue, and takes messages
off the company queue and resends them onto our queue.

Clumsy and by no means ideal, but it works.


--
View this message in context: http://activemq.2283324.n4.nabble.com/SSL-certificates-not-being-sent-in-C-listener-connection-tp3954853p3972179.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.