Posted to users@qpid.apache.org by Brandon Pedersen <bp...@gmail.com> on 2011/09/22 05:16:04 UTC

ssl route link

Hi, it's me again :)

So now that I have a queue route working between my 2 c++ brokers
running 0.12 I would like to make the link between the brokers go over
ssl. I have enabled ssl on the destination broker and would like the
source broker to connect over ssl. I don't need or want to have the
source broker configured to use ssl if I can avoid it, I only need the
destination broker to be using ssl.

So the working command I have to create the queue push route is this:
qpid-route -d -s queue add 192.168.2.2 192.168.2.1 mytopic everything

I would have thought the following command would work to enable an ssl
connection to the destination broker (which is running ssl on port
5671):
qpid-route -d -s -t ssl queue add 192.168.2.2:5671 192.168.2.1 mytopic everything

However, the link and route are not set up and in the source broker's
log I see this message:
error Transport 'ssl' not supported

I am not sure why though. Is there some library I need to make sure is
available? I have cross-compiled the broker and I'm not sure if all
the libraries for ssl have been properly compiled in or moved to the
target machine.

Thanks,

-Brandon

---------------------------------------------------------------------
Apache Qpid - AMQP Messaging Implementation
Project:      http://qpid.apache.org
Use/Interact: mailto:users-subscribe@qpid.apache.org


Re: ssl route link

Posted by Gordon Sim <gs...@redhat.com>.
On 09/22/2011 05:07 AM, Brandon Pedersen wrote:
> So I got NSS working correctly now and have imported the CA
> certificate used for the server's cert into the database. However, when
> I start up the broker I still get an error initializing the plugin:
> Failed to load certificate '<hostname>'
>
> I guess this goes back to part of my original question, in order to
> connect over ssl to another broker do I also have to have ssl properly
> set up on the client broker? (that's what this error message leads me
> to believe)

Yes. The 'client' broker actually uses the SSL support from the
broker-side plugin and that attempts to load the broker's certificate
from the cert db.
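
Added example (not part of the thread and not Qpid's own code): a preflight check for the source broker, following the answer above, that confirms its NSS certificate database exists and holds a certificate under the nickname the broker will try to load. The function name, its return codes and the arguments are assumptions of this example; `certutil -L -d <dir> -n <nickname>` is the NSS tool's own listing syntax.

```shell
#!/bin/sh
# Preflight for the source ("client") broker before adding an SSL route.
# Illustrative helper: check_cert_db and its return codes are this example's
# own; the db directory and nickname are supplied by the caller.
#
# check_cert_db DB_DIR NICKNAME
#   0  certificate with NICKNAME is present in the NSS db
#   1  DB_DIR does not exist
#   2  DB_DIR holds no NSS certificate database file
#   3  certutil is not installed on this machine
#   4  no certificate stored under NICKNAME
check_cert_db() {
    db=$1
    nick=$2

    [ -d "$db" ] || { echo "cert db directory '$db' not found" >&2; return 1; }

    # NSS keeps certificates in cert8.db (legacy format) or cert9.db (SQL format).
    if [ ! -f "$db/cert8.db" ] && [ ! -f "$db/cert9.db" ]; then
        echo "no cert8.db or cert9.db in '$db'" >&2
        return 2
    fi

    command -v certutil >/dev/null 2>&1 || {
        echo "certutil not found; install the NSS tools" >&2
        return 3
    }

    # -L lists certificates; with -n it succeeds only if that nickname exists.
    certutil -L -d "$db" -n "$nick" >/dev/null 2>&1 || {
        echo "no certificate with nickname '$nick' in '$db'" >&2
        return 4
    }
    return 0
}

# Stand-alone use: sh check.sh /path/to/certdb nickname
if [ "$#" -eq 2 ]; then
    check_cert_db "$1" "$2"
fi
```

Listing a certificate does not show that its private key is in the database; `certutil -K -d <dir>` lists the keys held there.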



Re: ssl route link

Posted by Brandon Pedersen <bp...@gmail.com>.
So I got NSS working correctly now and have imported the CA
certificate used for the server's cert into the database. However, when
I start up the broker I still get an error initializing the plugin:
Failed to load certificate '<hostname>'

I guess this goes back to part of my original question, in order to
connect over ssl to another broker do I also have to have ssl properly
set up on the client broker? (that's what this error message leads me
to believe)

Thanks,

-Brandon

On Wed, Sep 21, 2011 at 9:38 PM, Brandon Pedersen <bp...@gmail.com> wrote:
> It looks like there is a problem with the nss library on the machine.
> I will have to figure out what is going on but in the broker log I
> also saw this message:
> Failed to initialise SSL plugin: Failed: NSS error [-8023]
> (qpid/sys/ssl/util.cpp:103)
>
> That error code is the same thing I get when trying to use certutil
> which maps to the error: A PKCS #11 module returned CKR_DEVICE_ERROR,
> indicating that a problem has occurred with the token or slot.
>
> I have no idea what that means but I will try and figure something out
>
> -Brandon
>
> On Wed, Sep 21, 2011 at 9:16 PM, Brandon Pedersen <bp...@gmail.com> wrote:
>> Hi, it's me again :)
>>
>> So now that I have a queue route working between my 2 c++ brokers
>> running 0.12 I would like to make the link between the brokers go over
>> ssl. I have enabled ssl on the destination broker and would like the
>> source broker to connect over ssl. I don't need or want to have the
>> source broker configured to use ssl if I can avoid it, I only need the
>> destination broker to be using ssl.
>>
>> So the working command I have to create the queue push route is this:
>> qpid-route -d -s queue add 192.168.2.2 192.168.2.1 mytopic everything
>>
>> I would have thought the following command would work to enable an ssl
>> connection to the destination broker (which is running ssl on port
>> 5671):
>> qpid-route -d -s -t ssl queue add 192.168.2.2:5671 192.168.2.1 mytopic everything
>>
>> However, the link and route are not set up and in the source broker's
>> log I see this message:
>> error Transport 'ssl' not supported
>>
>> I am not sure why though. Is there some library I need to make sure is
>> available? I have cross-compiled the broker and I'm not sure if all
>> the libraries for ssl have been properly compiled in or moved to the
>> target machine.
>>
>> Thanks,
>>
>> -Brandon
>>
>



Re: ssl route link

Posted by Brandon Pedersen <bp...@gmail.com>.
It looks like there is a problem with the nss library on the machine.
I will have to figure out what is going on but in the broker log I
also saw this message:
Failed to initialise SSL plugin: Failed: NSS error [-8023]
(qpid/sys/ssl/util.cpp:103)

That error code is the same thing I get when trying to use certutil
which maps to the error: A PKCS #11 module returned CKR_DEVICE_ERROR,
indicating that a problem has occurred with the token or slot.

I have no idea what that means but I will try and figure something out

-Brandon

On Wed, Sep 21, 2011 at 9:16 PM, Brandon Pedersen <bp...@gmail.com> wrote:
> Hi, it's me again :)
>
> So now that I have a queue route working between my 2 c++ brokers
> running 0.12 I would like to make the link between the brokers go over
> ssl. I have enabled ssl on the destination broker and would like the
> source broker to connect over ssl. I don't need or want to have the
> source broker configured to use ssl if I can avoid it, I only need the
> destination broker to be using ssl.
>
> So the working command I have to create the queue push route is this:
> qpid-route -d -s queue add 192.168.2.2 192.168.2.1 mytopic everything
>
> I would have thought the following command would work to enable an ssl
> connection to the destination broker (which is running ssl on port
> 5671):
> qpid-route -d -s -t ssl queue add 192.168.2.2:5671 192.168.2.1 mytopic everything
>
> However, the link and route are not set up and in the source broker's
> log I see this message:
> error Transport 'ssl' not supported
>
> I am not sure why though. Is there some library I need to make sure is
> available? I have cross-compiled the broker and I'm not sure if all
> the libraries for ssl have been properly compiled in or moved to the
> target machine.
>
> Thanks,
>
> -Brandon
>
