You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@activemq.apache.org by j0llyr0g3r <ti...@wincor-nixdorf.com> on 2008/05/14 14:14:15 UTC
HTTPS in general not working between brokers?
Hey folks,
i have a major problem with AMQ here.
After extensively reading / searching:
-> google
-> the mailing-list
-> the official documentation
-> the documentation from ttmsolutions.com
-> Jira
and after opening up this thread
->http://www.nabble.com/http-ok%2C-ssl-ok%2C-HTTPS--%3E-NOT-ok--td17131092s2354.html#a17131092
i have come to the conclusion that https can only be used between clients
and brokers but NOT between brokers and brokers.
I didn't find any statement which clarifies this matter, so this is just my
guess.
Could somebody please clarify this issue?
Has anybody ever used a https-connection between brokers?
--
View this message in context: http://www.nabble.com/HTTPS-in-general-not-working-between-brokers--tp17229631s2354p17229631.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
Re: HTTPS in general not working between brokers?
Posted by Bruce Snyder <br...@gmail.com>.
On Mon, May 19, 2008 at 12:50 PM, j0llyr0g3r
<ti...@wincor-nixdorf.com> wrote:
>
> Hi,
>
> i would like to join the IRC-channel, but unfortunately company's security
> policy doesn't allow IRC-traffic.
>
> I tried via mibbit.com (web-based IRC-client), but no luck so far.
>
> Could it be that your IRC-Server is not accessible via public IRC-servers
> like irc.freenode.net?
1) Go to http://irc.codehaus.org/
2) Enter your username and select the #codehaus channel
3) Once inside the #codehaus channel, type the following IRC command
into the command box:
/join #activemq
4) In a few seconds you should be in the #activemq channel via a HTTP
proxy (i.e., IRC tunneled over HTTP (port 80))
Bruce
--
perl -e 'print unpack("u30","D0G)U8V4\@4VYY9&5R\"F)R=6-E+G-N>61E<D\!G;6%I;\"YC;VT*"
);'
Apache ActiveMQ - http://activemq.org/
Apache Camel - http://activemq.org/camel/
Apache ServiceMix - http://servicemix.org/
Apache Geronimo - http://geronimo.apache.org/
Blog: http://bruceblog.org/
Re: HTTPS in general not working between brokers?
Posted by j0llyr0g3r <ti...@wincor-nixdorf.com>.
Hi,
i would like to join the IRC-channel, but unfortunately company's security
policy doesn't allow IRC-traffic.
I tried via mibbit.com (web-based IRC-client), but no luck so far.
Could it be that your IRC-Server is not accessible via public IRC-servers
like irc.freenode.net?
--
View this message in context: http://www.nabble.com/HTTPS-in-general-not-working-between-brokers--tp17229631s2354p17325496.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
Re: HTTPS in general not working between brokers?
Posted by Hiram Chirino <hi...@hiramchirino.com>.
OK.. perhaps the best way is if you join the our IRC channel at:
irc://irc.codehaus.org/activemq
that way I can give you better real time help on getting started at
tacking this issue.
Regards,
Hiram
On Thu, May 15, 2008 at 2:44 PM, j0llyr0g3r
<ti...@wincor-nixdorf.com> wrote:
>
> Hi,
>
> regarding:
>
> If you interested in helping let me know and I'll get
> you started in the right direction.
>
>
> Since we have an urgent need for this functionality: Yes, please get me
> started, and i will (hopefully) be able to supply a patch....
>
> --
> View this message in context: http://www.nabble.com/HTTPS-in-general-not-working-between-brokers--tp17229631s2354p17259835.html
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>
>
--
Regards,
Hiram
Blog: http://hiramchirino.com
Open Source SOA
http://open.iona.com
Re: HTTPS in general not working between brokers?
Posted by j0llyr0g3r <ti...@wincor-nixdorf.com>.
Hi,
regarding:
If you interested in helping let me know and I'll get
you started in the right direction.
Since we have an urgent need for this functionality: Yes, please get me
started, and i will (hopefully) be able to supply a patch....
--
View this message in context: http://www.nabble.com/HTTPS-in-general-not-working-between-brokers--tp17229631s2354p17259835.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
Re: HTTPS in general not working between brokers?
Posted by ttmdev <jo...@ttmsolutions.com>.
Be advised that if not configured properly, Jetty's SslSocketConnector may go
into an infinite loop, and your VM quickly runs out of memory. All this
happens during broker startup. A couple of months back, someone else
encountered the same problem and engaged the Jetty professional support team
to solve the problem. Here's what he had to say.
"They (Jetty professional support team) copied my code and keystore and
duplicated the problem at their servers. They were able to turn on debug
flags that I did not know existed and see an exception that Jetty was
silently burying, that showed the SSL certificate had not been loaded into
the keystore successfully. They did something to load the certificate
differently and they tell me they got it to work. I don't know what they
did, but they explained it in a document I have not read yet as I have been
traveling overseas."
Joe
ttmdev wrote:
>
> I reopened AMQ-1098 and submitted a patch. HttpsTransportFactory is not
> overriding HttpTransportFactory's doBind(URI location) method; therefore,
> HttpTransportFactory's doBind(URI location) is referenced instead and thus
> you end up using a HttpTransportServer instead of HttpsTransportServer
> object.
>
> Joe
>
>
> Hiram Chirino wrote:
>>
>> Yeah.. the http/s transport does not get as much use as most other
>> connectors so it might not be up to snuff. It would be awesome if
>> interested folks to start contributing test cases and patches to get
>> it more robust. If you interested in helping let me know and I'll get
>> you started in the right direction.
>>
>> Regards,
>> Hiram
>>
>> On Thu, May 15, 2008 at 12:20 PM, j0llyr0g3r
>> <ti...@wincor-nixdorf.com> wrote:
>>>
>>> Hi,
>>>
>>> using the ssl-conncetor for ssl works fine but this is not what i need.
>>>
>>> Because of a http-proxy in the middle i need to use the https-connector.
>>>
>>> As described here:
>>>
>>> http://www.nabble.com/http-ok%2C-ssl-ok%2C-HTTPS--%3E-NOT-ok--td17131092s2354.html
>>>
>>> - ssl works
>>> - http work (even over proxies)
>>> - https does not work
>>>
>>> Certificates, truststores etc are configured correctly, otherwise ssl
>>> wouldn't work.
>>>
>>> So, in a nutshell, https is my problem, not ssl.
>>>
>>> All of the above led me to the conclusion that the https-connector
>>> simply
>>> doesn't work at all (see my thread above).....
>>>
>>> The sparse documentation about this is either wrong or inaccurate, just
>>> using
>>>
>>> https://foo:3434
>>>
>>> does not work even if all prerequisites like certificates etc. are
>>> fullfilled.
>>>
>>> Any more ideas?
>>> --
>>> View this message in context:
>>> http://www.nabble.com/HTTPS-in-general-not-working-between-brokers--tp17229631s2354p17257072.html
>>> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>>>
>>>
>>
>>
>>
>> --
>> Regards,
>> Hiram
>>
>> Blog: http://hiramchirino.com
>>
>> Open Source SOA
>> http://open.iona.com
>>
>>
>
>
--
View this message in context: http://www.nabble.com/HTTPS-in-general-not-working-between-brokers--tp17229631s2354p17481780.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
Re: HTTPS in general not working between brokers?
Posted by ttmdev <jo...@ttmsolutions.com>.
I reopened AMQ-1098 and submitted a patch. HttpsTransportFactory is not
overriding HttpTransportFactory's doBind(URI location) method; therefore,
HttpTransportFactory's doBind(URI location) is referenced instead and thus
you end up using a HttpTransportServer instead of HttpsTransportServer
object.
Joe
Hiram Chirino wrote:
>
> Yeah.. the http/s transport does not get as much use as most other
> connectors so it might not be up to snuff. It would be awesome if
> interested folks to start contributing test cases and patches to get
> it more robust. If you interested in helping let me know and I'll get
> you started in the right direction.
>
> Regards,
> Hiram
>
> On Thu, May 15, 2008 at 12:20 PM, j0llyr0g3r
> <ti...@wincor-nixdorf.com> wrote:
>>
>> Hi,
>>
>> using the ssl-conncetor for ssl works fine but this is not what i need.
>>
>> Because of a http-proxy in the middle i need to use the https-connector.
>>
>> As described here:
>>
>> http://www.nabble.com/http-ok%2C-ssl-ok%2C-HTTPS--%3E-NOT-ok--td17131092s2354.html
>>
>> - ssl works
>> - http work (even over proxies)
>> - https does not work
>>
>> Certificates, truststores etc are configured correctly, otherwise ssl
>> wouldn't work.
>>
>> So, in a nutshell, https is my problem, not ssl.
>>
>> All of the above led me to the conclusion that the https-connector simply
>> doesn't work at all (see my thread above).....
>>
>> The sparse documentation about this is either wrong or inaccurate, just
>> using
>>
>> https://foo:3434
>>
>> does not work even if all prerequisites like certificates etc. are
>> fullfilled.
>>
>> Any more ideas?
>> --
>> View this message in context:
>> http://www.nabble.com/HTTPS-in-general-not-working-between-brokers--tp17229631s2354p17257072.html
>> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>>
>>
>
>
>
> --
> Regards,
> Hiram
>
> Blog: http://hiramchirino.com
>
> Open Source SOA
> http://open.iona.com
>
>
--
View this message in context: http://www.nabble.com/HTTPS-in-general-not-working-between-brokers--tp17229631s2354p17481691.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
Re: HTTPS in general not working between brokers?
Posted by Hiram Chirino <hi...@hiramchirino.com>.
Yeah.. the http/s transport does not get as much use as most other
connectors so it might not be up to snuff. It would be awesome if
interested folks to start contributing test cases and patches to get
it more robust. If you interested in helping let me know and I'll get
you started in the right direction.
Regards,
Hiram
On Thu, May 15, 2008 at 12:20 PM, j0llyr0g3r
<ti...@wincor-nixdorf.com> wrote:
>
> Hi,
>
> using the ssl-conncetor for ssl works fine but this is not what i need.
>
> Because of a http-proxy in the middle i need to use the https-connector.
>
> As described here:
>
> http://www.nabble.com/http-ok%2C-ssl-ok%2C-HTTPS--%3E-NOT-ok--td17131092s2354.html
>
> - ssl works
> - http work (even over proxies)
> - https does not work
>
> Certificates, truststores etc are configured correctly, otherwise ssl
> wouldn't work.
>
> So, in a nutshell, https is my problem, not ssl.
>
> All of the above led me to the conclusion that the https-connector simply
> doesn't work at all (see my thread above).....
>
> The sparse documentation about this is either wrong or inaccurate, just
> using
>
> https://foo:3434
>
> does not work even if all prerequisites like certificates etc. are
> fullfilled.
>
> Any more ideas?
> --
> View this message in context: http://www.nabble.com/HTTPS-in-general-not-working-between-brokers--tp17229631s2354p17257072.html
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>
>
--
Regards,
Hiram
Blog: http://hiramchirino.com
Open Source SOA
http://open.iona.com
Re: HTTPS in general not working between brokers?
Posted by j0llyr0g3r <ti...@wincor-nixdorf.com>.
Hi,
using the ssl-conncetor for ssl works fine but this is not what i need.
Because of a http-proxy in the middle i need to use the https-connector.
As described here:
http://www.nabble.com/http-ok%2C-ssl-ok%2C-HTTPS--%3E-NOT-ok--td17131092s2354.html
- ssl works
- http work (even over proxies)
- https does not work
Certificates, truststores etc are configured correctly, otherwise ssl
wouldn't work.
So, in a nutshell, https is my problem, not ssl.
All of the above led me to the conclusion that the https-connector simply
doesn't work at all (see my thread above).....
The sparse documentation about this is either wrong or inaccurate, just
using
https://foo:3434
does not work even if all prerequisites like certificates etc. are
fullfilled.
Any more ideas?
--
View this message in context: http://www.nabble.com/HTTPS-in-general-not-working-between-brokers--tp17229631s2354p17257072.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
Re: HTTPS in general not working between brokers?
Posted by Hiram Chirino <hi...@hiramchirino.com>.
You should be able to use the ssl: transports between brokers just
fine. All you have to configure is the key and trust stores + the JVM
properties for them.
Regards,
Hiram
On Wed, May 14, 2008 at 8:14 AM, j0llyr0g3r
<ti...@wincor-nixdorf.com> wrote:
>
> Hey folks,
>
> i have a major problem with AMQ here.
>
> After extensively reading / searching:
>
> -> google
> -> the mailing-list
> -> the official documentation
> -> the documentation from ttmsolutions.com
> -> Jira
>
> and after opening up this thread
>
> ->http://www.nabble.com/http-ok%2C-ssl-ok%2C-HTTPS--%3E-NOT-ok--td17131092s2354.html#a17131092
>
> i have come to the conclusion that https can only be used between clients
> and brokers but NOT between brokers and brokers.
>
> I didn't find any statement which clarifies this matter, so this is just my
> guess.
>
> Could somebody please clarify this issue?
>
> Has anybody ever used a https-connection between brokers?
> --
> View this message in context: http://www.nabble.com/HTTPS-in-general-not-working-between-brokers--tp17229631s2354p17229631.html
> Sent from the ActiveMQ - User mailing list archive at Nabble.com.
>
>
--
Regards,
Hiram
Blog: http://hiramchirino.com
Open Source SOA
http://open.iona.com