Posted to users@activemq.apache.org by Christoffer Sawicki <ch...@gmail.com> on 2014/01/29 19:13:26 UTC
ActiveMQ NMS and a self-signed SSL server certificate
Hello!
I'm trying to connect the ActiveMQ NMS client to a server with a
self-signed SSL certificate.
I've added the server certificate to Mono's "Trust", "My" and "CA"
truststores with `certmgr -add -c <object-type> message-queue.crt` but the
connections still yield a SslPolicyErrors.RemoteCertificateChainErrors.
I've found some sources on the web that hint that this is what happens with
self-signed certificates.
Am I missing something? Should I add the certificate somewhere else?
Last time I dabbled with self-signed certificates in .NET I wrote a
custom RemoteCertificateValidationCallback but that's not possible with the
current AMQ NMS API.
I'm thinking about providing a patch
for Apache.NMS.ActiveMQ.Transport.Tcp.SslTransport(Factory) that allows one
to configure brokerCert* just like clientCert* and use that certificate
file in ValidateServerCertificate. Would such a patch be accepted?
Regards,
Christoffer
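
The approach proposed in this message, as an added example that is not part of the original post and not Apache.NMS code: a RemoteCertificateValidationCallback that pins the broker's self-signed certificate, shown on a plain SslStream. The class name, host name and port are constructed for illustration, and using message-queue.crt as the pinned file is an assumption.

```csharp
using System;
using System.Linq;
using System.Net.Security;
using System.Net.Sockets;
using System.Security.Cryptography.X509Certificates;

static class PinnedBrokerCert
{
    // Returns a callback that accepts the server only when it presents exactly
    // the certificate stored in brokerCertPath (hypothetical setting, modelled
    // on the "brokerCert*" idea above; not an existing NMS option).
    public static RemoteCertificateValidationCallback Create(string brokerCertPath)
    {
        byte[] pinned = new X509Certificate2(brokerCertPath).RawData;

        return (sender, certificate, chain, errors) =>
        {
            if (certificate == null)
                return false;

            // Only chain errors are tolerated, since a self-signed certificate
            // has no trusted issuer. A host name mismatch or a missing
            // certificate still fails the handshake.
            const SslPolicyErrors tolerated = SslPolicyErrors.RemoteCertificateChainErrors;
            if ((errors & ~tolerated) != SslPolicyErrors.None)
                return false;

            // The pin is enforced even when the platform reports no errors, so
            // trust never falls back to whatever the system stores contain.
            return certificate.GetRawCertData().SequenceEqual(pinned);
        };
    }

    static void Main()
    {
        // Constructed host and port; replace with the real broker address.
        const string host = "message-queue.example";
        using (var tcp = new TcpClient(host, 61617))
        using (var ssl = new SslStream(tcp.GetStream(), false, Create("message-queue.crt")))
        {
            // Throws AuthenticationException when the callback returns false.
            ssl.AuthenticateAsClient(host);
            Console.WriteLine("Broker certificate matched the pinned copy.");
        }
    }
}
```

Comparing the full certificate bytes means the pin must be updated whenever the broker certificate is reissued.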
Re: ActiveMQ NMS and a self-signed SSL server certificate
Posted by Christoffer Sawicki <ch...@gmail.com>.
I should note that I've seen the discussion at
http://timbish.blogspot.com/2010/04/ussing-ssl-in-nmsactivemq.html but that
Tim uses a CA while I do not.
Re: ActiveMQ NMS and a self-signed SSL server certificate
Posted by Timothy Bish <ta...@gmail.com>.
On 01/29/2014 01:13 PM, Christoffer Sawicki wrote:
> Hello!
>
> I'm trying to connect the ActiveMQ NMS client to a server with a
> self-signed SSL certificate.
>
> I've added the server certificate to Mono's "Trust", "My" and "CA"
> truststores with `certmgr -add -c <object-type> message-queue.crt` but the
> connections still yield a SslPolicyErrors.RemoteCertificateChainErrors.
> I've found some sources on the web that hint that this is what happens with
> self-signed certificates.
>
> Am I missing something? Should I add the certificate somewhere else?
>
> Last time I dabbled with self-signed certificates in .NET I wrote a
> custom RemoteCertificateValidationCallback but that's not possible with the
> current AMQ NMS API.
>
> I'm thinking about providing a patch
> for Apache.NMS.ActiveMQ.Transport.Tcp.SslTransport(Factory) that allows one
> to configure brokerCert* just like clientCert* and use that certificate
> file in ValidateServerCertificate. Would such a patch be accepted?
>
> Regards,
> Christoffer
>
You can create a patch and attach it to a Jira issue for review.
--
Tim Bish
Sr Software Engineer | RedHat Inc.
tim.bish@redhat.com | www.fusesource.com | www.redhat.com
skype: tabish121 | twitter: @tabish121
blog: http://timbish.blogspot.com/