You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@activemq.apache.org by "Timothy A. Bish (Jira)" <ji...@apache.org> on 2019/10/25 13:57:00 UTC

[jira] [Closed] (AMQ-7328) ActiveMQ truststore client.ts not working

     [ https://issues.apache.org/jira/browse/AMQ-7328?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Timothy A. Bish closed AMQ-7328.
--------------------------------
    Resolution: Invalid

The is a configuration issue and not a bug report, please ask configuration questions on the users mailing list.  http://activemq.apache.org/contact/#mailing

> ActiveMQ truststore client.ts not working
> -----------------------------------------
>
>                 Key: AMQ-7328
>                 URL: https://issues.apache.org/jira/browse/AMQ-7328
>             Project: ActiveMQ
>          Issue Type: Bug
>          Components: Broker
>    Affects Versions: 5.15.1
>         Environment: Server - Ubuntu 16.0.4 
> Applications: Talend, ActiveMQ 5.15.1, Karaf, CRM tools
> Client - Talend application
>            Reporter: Naveen
>            Priority: Blocker
>
> We have had our ActiveMQ truststore getting corrupted in our production server last week. So I replaced the truststore.ts file from a backup and imported the app servers .pfx certificates into it. 
> Now, customers are unable to establish a connection to ActiveMQ server on 61616, getting SSL errors. I'm noticing below error in ActiveMQ.log file.
> | Reason: javax.net.ssl.SSLHandshakeException: Remote host closed connection during handshake | org.apache.activemq.broker.TransportConnector | ActiveMQ BrokerService
> So I tried creating a new client.ts file by following below steps from your KB. But the issue persists. If I use the truststore.ts file on the client machine, I'm able to establish the connection successfully. Could you please help resolve this issue asap? 
> *Using keytool, create a certificate for the broker:*
> keytool -genkey -alias broker -keyalg RSA -keystore broker.ks
> *Export the broker's certificate so it can be shared with clients:*
> keytool -export -alias broker -keystore broker.ks -file broker_cert
> *Create a certificate/keystore for the client:*
> keytool -genkey -alias client -keyalg RSA -keystore client.ks
> *Create a truststore for the client, and import the broker's certificate. This establishes that the client "trusts" the broker:*
> keytool -import -alias broker -keystore client.ts -file broker_cert
>  
> Thanks,
> Naveen



--
This message was sent by Atlassian Jira
(v8.3.4#803005)