Posted to users@qpid.apache.org by Vavricka <va...@gmail.com> on 2018/12/12 15:06:59 UTC

[Java Broker] Connection to broker using public key of certification authority in broker truststore

Hi,

I tried to authenticate via a certificate which is signed by my own
certificate authority, and only the certificate authority's public key is
present in the broker.

Steps I have done:
* create certificate authority
* add public CA key to broker truststore (certutil DB in C++ broker)
* sign client private key by CA
* use signed private certificate in client to connect to broker

When I perform the steps above, I am able to connect to the C++ broker if only
the public CA key is present in the broker certificate DB. When I used the same
steps on the Java Broker, I get the exception
'javax.net.ssl.SSLException: Received fatal alert: certificate_unknown'.

Am I doing something wrong?

Does Java Broker support this feature?

qpid-cpp version 1.36.0
Java Broker version 7.0.4

Best Regards,
Tomas



--
Sent from: http://qpid.2158936.n2.nabble.com/Apache-Qpid-users-f2158936.html

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@qpid.apache.org
For additional commands, e-mail: users-help@qpid.apache.org


Re: [Java Broker] Connection to broker using public key of certification authority in broker truststore

Posted by Rob Godfrey <ro...@gmail.com>.
On Wed, 12 Dec 2018 at 16:13, Vavricka <va...@gmail.com> wrote:

> Hi,
>
> I tried to authenticate via a certificate which is signed by my own
> certificate authority, and only the certificate authority's public key is
> present in the broker.
>
> Steps I have done:
> * create certificate authority
> * add public CA key to broker truststore (certutil DB in C++ broker)
> * sign client private key by CA
> * use signed private certificate in client to connect to broker
>
> When I perform the steps above, I am able to connect to the C++ broker if only
> the public CA key is present in the broker certificate DB. When I used the same
> steps on the Java Broker, I get the exception
> 'javax.net.ssl.SSLException: Received fatal alert: certificate_unknown'.
>
> Am I doing something wrong?
>
> Does Java Broker support this feature?
>
>
Broker-J supports client authentication using certificates and there are
tests for this functionality.  What is the configuration you have used for
the port/truststore on the (Java) Broker?  Have you checked your jks? store
to make sure the certificates were imported correctly?

-- Rob



Re: [Java Broker] Connection to broker using public key of certification authority in broker truststore

Posted by Vavricka <va...@gmail.com>.
Hi,

Thank you for the quick replies.

When I checked the system tests, I remembered there is a property "Peers only"
set to true in the truststore in our broker setup.

I set "Peers only" to false, restarted the broker, and I was able to connect
with a certificate signed by the custom CA.

Best Regards,
Tomas
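
An added example (not part of the original thread, and not Broker-J code) that models with openssl why the CA-only truststore was refused: with "Peers only" enabled, Broker-J accepts only client certificates that exactly match a truststore entry, so a certificate that is merely signed by a stored CA does not qualify. The CA and client names, the file paths and the two helper functions are constructed for this demonstration.

```shell
#!/bin/sh
# Constructed demo: every name, subject and path below is made up.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Minimal config so the CA certificate carries basicConstraints CA:TRUE.
cat > "$WORK/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = ca_ext
[dn]
commonName = Common Name
[ca_ext]
basicConstraints = critical,CA:TRUE
EOF

# Throwaway CA, plus a client certificate signed by it (the thread's steps).
make_pki() {
    openssl req -x509 -config "$WORK/demo.cnf" -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=Demo CA" -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
    openssl req -new -config "$WORK/demo.cnf" -newkey rsa:2048 -nodes \
        -subj "/CN=demo-client" -keyout "$WORK/client.key" \
        -out "$WORK/client.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/client.csr" -CA "$WORK/ca.pem" \
        -CAkey "$WORK/ca.key" -CAcreateserial -days 1 \
        -out "$WORK/client.pem" 2>/dev/null
}

fingerprint() { openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2; }

# "Peers only" = false: a store entry is a trust anchor; accept what chains to it.
# $1 = truststore entry (PEM), $2 = certificate the client presents
accept_as_ca_anchor() {
    if openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q 'OK$'
    then echo accept; else echo reject; fi
}

# "Peers only" = true: accept only a certificate that is itself a store entry.
accept_as_peer() {
    if [ "$(fingerprint "$1")" = "$(fingerprint "$2")" ]
    then echo accept; else echo reject; fi
}

make_pki
echo "store={CA},     anchor mode: $(accept_as_ca_anchor "$WORK/ca.pem" "$WORK/client.pem")"
echo "store={CA},     peers-only:  $(accept_as_peer "$WORK/ca.pem" "$WORK/client.pem")"
echo "store={client}, peers-only:  $(accept_as_peer "$WORK/client.pem" "$WORK/client.pem")"
```

The second line of output is the situation from the thread: the store holds only the CA certificate, so a peers-only check has nothing that matches the client's certificate.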





Re: [Java Broker] Connection to broker using public key of certification authority in broker truststore

Posted by Oleksandr Rudyy <or...@gmail.com>.
Hi Tomas,

As far as I understood, you are trying to set up client certificate
authentication of the client connections over SSL.
It should work with Broker-J. For example, system tests [1] and [2]
are testing client cert authentication with custom CA.

Kind Regards,
Alex

[1] https://github.com/apache/qpid-broker-j/blob/master/systests/qpid-systests-jms_1.1/src/test/java/org/apache/qpid/systests/jms_1_1/extensions/tls/TlsTest.java
[2] https://github.com/apache/qpid-broker-j/blob/master/systests/qpid-systests-jms_1.1/src/test/java/org/apache/qpid/systests/jms_1_1/extensions/sasl/AuthenticationTest.java
