Posted to users@qpid.apache.org by "Hamid.Shahid" <ha...@hotmail.com> on 2011/11/11 18:28:56 UTC

Using SSL Certificate in Qpid C++ Client

Hi,

I have written a Qpid messaging client in C++ and I need to use the private
key of an SSL certificate created by using java "keytool".

Please let me know how I can use an SSL certificate in my C++ client and how
the public and private keys of the certificate can be utilized in the code.

Thank you.

regards,
Hamid.

--
View this message in context: http://apache-qpid-users.2158936.n2.nabble.com/Using-SSL-Certificate-in-Qpid-C-Client-tp6986158p6986158.html
Sent from the Apache Qpid users mailing list archive at Nabble.com.

---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org


Re: Using SSL Certificate in Qpid C++ Client

Posted by "Hamid.Shahid" <ha...@hotmail.com>.
Hi Jakub,

Thanks.



RE: Using SSL Certificate in Qpid C++ Client

Posted by "Hamid.Shahid" <ha...@hotmail.com>.
Hi Steve,

I tried to search it on MSDN but have not found any useful code example.
There was a lot of description but not something specific in terms of which
libraries to use for importing SSL certificate. As I want to have my
client application authenticated from the server, and for that I will need
to specify the SSL certificate location in the client's code along with
password.

regards, 
Hamid



RE: Using SSL Certificate in Qpid C++ Client

Posted by Steve Huston <sh...@riverace.com>.
The Windows C++ broker uses native Windows SSL certificate handling. You
can find all info about it in MSDN. (msdn.microsoft.com).

-Steve

> -----Original Message-----
> From: Jakub Scholz [mailto:jakub@scholz.cz]
> Sent: Tuesday, November 15, 2011 7:11 AM
> To: users@qpid.apache.org
> Subject: Re: Using SSL Certificate in Qpid C++ Client
>
> Hi Hamid,
>
> I'm sorry, I haven't tried SSL on Windows yet.
>
> Regards
> Jakub
>
> On Tue, Nov 15, 2011 at 11:22, Hamid.Shahid <ha...@hotmail.com>
> wrote:
> > Hi Jakub,
> >
> > Thank you so much for a detailed reply. I am using Windows
> > environment. Can you please explain how I can use SSL certificates in
> > Windows environment using C++.
> >
> > Thanks.
> >
> > regards,
> > Hamid.


Re: Using SSL Certificate in Qpid C++ Client

Posted by Jakub Scholz <ja...@scholz.cz>.
Hi Hamid,

I'm sorry, I haven't tried SSL on Windows yet.

Regards
Jakub

On Tue, Nov 15, 2011 at 11:22, Hamid.Shahid <ha...@hotmail.com> wrote:
> Hi Jakub,
>
> Thank you so much for a detailed reply. I am using Windows environment. Can
> you please explain how I can use SSL certificates in Windows environment
> using C++.
>
> Thanks.
>
> regards,
> Hamid.


Re: Using SSL Certificate in Qpid C++ Client

Posted by "Hamid.Shahid" <ha...@hotmail.com>.
Hi Gordon,

Thank you for the following link, I haven't read that before... I think it
will work.

regards,
Hamid.



Re: Using SSL Certificate in Qpid C++ Client

Posted by Gordon Sim <gs...@redhat.com>.
On 11/15/2011 10:22 AM, Hamid.Shahid wrote:
> Hi Jakub,
>
> Thank you so much for a detailed reply. I am using Windows environment. Can
> you please explain how I can use SSL certificates in Windows environment
> using C++.

Have you read https://svn.apache.org/repos/asf/qpid/trunk/qpid/cpp/SSL?



Re: Using SSL Certificate in Qpid C++ Client

Posted by "Hamid.Shahid" <ha...@hotmail.com>.
Hi Jakub,

Thank you so much for a detailed reply. I am using Windows environment. Can
you please explain how I can use SSL certificates in Windows environment
using C++.

Thanks.

regards,
Hamid.



Re: Using SSL Certificate in Qpid C++ Client

Posted by Jakub Scholz <ja...@scholz.cz>.
Hi Hamid,
I believe the SSL support in C++ is different on Linux and on Windows.
Assuming you use Linux:

1) Export the certificate from Java Keystore to P12 using:
     keytool -importkeystore -srckeystore ./keystore_certificate -destkeystore ./certificate.p12 -deststoretype PKCS12

2) You can export the public key of the broker / its CA from the
keystore using the -exportcert command of the keytool utility:
     keytool -exportcert -rfc -file broker.crt -keystore keystore_certificate -alias broker

3) Create the NSS certificate database using the certutil command:
     mkdir ./certdb
     certutil -N -d ./certdb/

4) Load the public key of the broker into the database
     certutil -A -d ./certdb/ -n broker -i broker.crt -t "P,,"
In case you do not have the public key of the broker, but only a key from
its CA, use "T,," instead of "P,,"

5) The C++ client is using the NSS / certutil certificate database.
You have to create one (the certutil command help will guide you) and
load the private key from the PKCS12 file using the following command:
     pk12util -i certificate.p12 -d ./certdb/

6) When you list the certificate database you should see something like this:
     certutil -L -d ./certdb/

     Certificate Nickname                                         Trust Attributes
                                                                  SSL,S/MIME,JAR/XPI

     CN=clientXXX                                                 u,u,u
     broker                                                       P,,

7) Export the variables as described in
http://qpid.apache.org/books/0.12/AMQP-Messaging-Broker-CPP-Book/html/ch01s05.html#sect-Messaging_User_Guide-Security-Encryption_using_SSL
in section "Enabling SSL in Clients"

8) Set the following connection options in your C++ client:
     connection.setOption("transport", "ssl");
     connection.setOption("sasl_mechanisms", "EXTERNAL");

And if you are lucky it will work. You do not specify any certificate
directly in the C++ code. The private key is selected based on the
alias in QPID_SSL_CERT_NAME variable. And the public key of the broker
is somehow ???negotiated/selected??? ... anyway you should not need to
specify it, you should just have it in the certificate database.

Regards
Jakub

On Fri, Nov 11, 2011 at 18:28, Hamid.Shahid <ha...@hotmail.com> wrote:
> Hi,
>
> I have written a Qpid messaging client in C++ and I need to use the private
> key of an SSL certificate created by using java "keytool".
>
> Please let me know how I can use an SSL certificate in my C++ client and how
> the public and private keys of the certificate can be utilized in the code.
>
> Thank you.
>
> regards,
> Hamid.
>
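
A check for step 6 of Jakub's procedure, as an added example that is not part of the original post or of the Qpid project: it reads a `certutil -L` listing and confirms that the client nickname carries the `u` flag (a private key is present) and that the broker entry is trusted in the SSL column. The function names, exit codes and sample listing are constructed for illustration; besides the `P` and `T` flags named in the post it also accepts `C`, certutil's trusted-CA flag for server certificates.

```shell
#!/bin/sh
# Added example (not from the original thread).
# Usage: certutil -L -d ./certdb/ | check_nss_listing "$QPID_SSL_CERT_NAME" broker
# Exit status: 0 = both entries usable
#              1 = client nickname missing or without a private key ("u")
#              2 = broker nickname missing or not trusted in the SSL column

check_nss_listing() {
    awk -v client="$1" -v broker="$2" '
        # Data rows end in the trust field "SSL,S/MIME,JAR/XPI", e.g. "u,u,u" or "P,,".
        # The two header rows do not match this pattern and are skipped.
        NF >= 2 && $NF ~ /^[A-Za-z]*,[A-Za-z]*,[A-Za-z]*$/ {
            nick = $0
            sub(/[ \t]+[^ \t]+[ \t]*$/, "", nick)  # drop the trust column
            sub(/^[ \t]+/, "", nick)               # nicknames may contain spaces
            split($NF, f, ",")
            ssl[nick] = f[1]                       # keep only the SSL flags
        }
        END {
            # "u" means the database holds the private key for this certificate.
            if (!(client in ssl) || ssl[client] !~ /u/) exit 1
            # P = trusted peer, T / C = trusted CA flags.
            if (!(broker in ssl) || ssl[broker] !~ /[PTC]/) exit 2
            exit 0
        }'
}

# Constructed sample listing, modelled on the output shown in step 6.
sample_listing() {
    cat <<'EOF'
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI

CN=clientXXX                                                 u,u,u
broker                                                       P,,
EOF
}

sample_listing | check_nss_listing "CN=clientXXX" broker \
    && echo "certificate database listing OK"
```

A client nickname that is listed without `u` usually means only the certificate was imported with `certutil -A` and the `pk12util -i` step was skipped.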
