How to create a keystore and truststore to test an SSL connection with Red Hat AMQ 6.3?

Solution Verified - Updated -

Issue

  • I have created the client truststore and the server-side keystore as described in the documentation, but I am receiving a certificate_unknown error in the logs while testing with an SSL client.
keytool -genkey -alias broker -keyalg RSA -keystore broker.ks -keysize 1024 -validity 3650 -keypass password -storepass password -dname "CN=some.host.local, OU=JBOSS-AMQ, OU=TEST, OU=TEST"

keytool -export -alias broker -keystore broker.ks -file broker_cert

keytool -import -alias broker -keystore client.ts -file broker_cert
  • And in the activemq.xml
        <sslContext>
            <sslContext
                keyStore="${karaf.base}/etc/.certificates/broker.ks"
                keyStorePassword="password"
                />
        </sslContext>

        <transportConnectors>
            <transportConnector name="nio+ssl" uri="nio+ssl://0.0.0.0:61617?transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2&amp;maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600&amp;wireFormat.maxInactivityDuration=5000&amp;keepAlive=true"/>
        </transportConnectors>
  • In the amq.log
[2018-05-29T14:22:52.262+1000] | ERROR | vice[amq] Task-1 | TransportConnector               | vemq.broker.TransportConnector$1  242 | 88 - org.apache.activemq.activemq-osgi - 5.11.0.redhat-630283 | Could not accept connection from null: java.io.IOException: javax.net.ssl.SSLException: Received fatal alert: certificate_unknown

Environment

  • Red Hat AMQ
    • 6.3.0
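
The certificate_unknown alert in amq.log was received by the broker, meaning the client rejected the certificate it was shown, so one thing to verify is that the broker entry in client.ts is the same certificate as the one stored with the key in broker.ks. The script below is an added example, not part of the Red Hat article; its function names and sample listings are constructed for illustration, and it assumes English-locale keytool -list -v output.

```shell
#!/bin/sh
# Added example, not from the Red Hat article: check that the certificate
# trusted in client.ts is the one stored with the broker's key in broker.ks.

# Print the first SHA-256 fingerprint in `keytool -list -v` output (stdin).
extract_sha256() {
    sed -n 's/^[[:space:]]*SHA256:[[:space:]]*\([0-9A-Fa-f:]\{1,\}\).*/\1/p' | head -n 1
}

# Print the first entry type (PrivateKeyEntry, trustedCertEntry) from stdin.
extract_entry_type() {
    sed -n 's/^Entry type:[[:space:]]*\([A-Za-z]\{1,\}\).*/\1/p' | head -n 1
}

# compare_listings KEYSTORE_LISTING TRUSTSTORE_LISTING
# Succeeds only when the broker entry holds a private key, the client entry
# is a trusted certificate, and both show the same SHA-256 fingerprint.
compare_listings() {
    ks_type=$(printf '%s\n' "$1" | extract_entry_type)
    ts_type=$(printf '%s\n' "$2" | extract_entry_type)
    ks_fp=$(printf '%s\n' "$1" | extract_sha256)
    ts_fp=$(printf '%s\n' "$2" | extract_sha256)
    if [ "$ks_type" != "PrivateKeyEntry" ]; then
        echo "keystore entry type is '$ks_type', expected PrivateKeyEntry"; return 1
    fi
    if [ "$ts_type" != "trustedCertEntry" ]; then
        echo "truststore entry type is '$ts_type', expected trustedCertEntry"; return 1
    fi
    if [ -z "$ks_fp" ] || [ "$ks_fp" != "$ts_fp" ]; then
        echo "fingerprint mismatch: '$ks_fp' vs '$ts_fp'"; return 1
    fi
    echo "match: $ks_fp"
}

# check_stores KEYSTORE TRUSTSTORE ALIAS (keytool asks for each store password)
check_stores() {
    ks_out=$(keytool -list -v -alias "$3" -keystore "$1") || return 2
    ts_out=$(keytool -list -v -alias "$3" -keystore "$2") || return 2
    compare_listings "$ks_out" "$ts_out"
}

# Constructed sample listings (shortened fingerprints) so this runs offline.
SAMPLE_KS='Alias name: broker
Entry type: PrivateKeyEntry
         SHA256: AA:BB:CC:DD'
SAMPLE_TS='Alias name: broker
Entry type: trustedCertEntry
         SHA256: AA:BB:CC:DD'
compare_listings "$SAMPLE_KS" "$SAMPLE_TS"
# Real stores from the commands above: check_stores broker.ks client.ts broker
```

A match only shows that the two stores agree; the client must also be configured to load client.ts as its truststore.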
