How to create a keystore and truststore to test an SSL connection with Red Hat AMQ 6.3?
Issue
- I have created the client truststore and the server-side keystore as per the documentation, but I am receiving a certificate_unknown error in the logs while testing with an SSL client.
keytool -genkey -alias broker -keyalg RSA -keystore broker.ks -keysize 1024 -validity 3650 -keypass password -storepass password -dname "CN=some.host.local, OU=JBOSS-AMQ, OU=TEST, OU=TEST"
keytool -export -alias broker -keystore broker.ks -file broker_cert
keytool -import -alias broker -keystore client.ts -file broker_cert
- And in the activemq.xml
<sslContext>
    <sslContext
        keyStore="${karaf.base}/etc/.certificates/broker.ks"
        keyStorePassword="password"
    />
</sslContext>
<transportConnectors>
    <transportConnector name="nio+ssl" uri="nio+ssl://0.0.0.0:61617?transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2&amp;maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600&amp;wireFormat.maxInactivityDuration=5000&amp;keepAlive=true"/>
</transportConnectors>
- In the amq.log
[2018-05-29T14:22:52.262+1000] | ERROR | vice[amq] Task-1 | TransportConnector | vemq.broker.TransportConnector$1 242 | 88 - org.apache.activemq.activemq-osgi - 5.11.0.redhat-630283 | Could not accept connection from null: java.io.IOException: javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
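The broker log says the alert was received, so it was sent by the client while it was validating the broker's certificate. One thing to rule out is that the client truststore holds a different certificate than the one in broker.ks. The script below is an added diagnostic example, not part of the original article; the function names, the STOREPASS variable and the sample listings are assumptions made for illustration.

```shell
#!/bin/sh
# Added diagnostic example; not from the original article.
# Alias "broker" and the store names come from the keytool commands above.

# Entry type found in `keytool -list -alias <alias>` output passed as $1.
entry_type() {
    printf '%s\n' "$1" | grep -o -E 'PrivateKeyEntry|trustedCertEntry' | head -n 1
}

# Fingerprint value from the "Certificate fingerprint (<alg>): ..." line.
fingerprint() {
    printf '%s\n' "$1" | sed -n 's/^Certificate fingerprint ([^)]*): *//p' | head -n 1
}

# compare_listings <broker listing> <client listing>
# Returns 0 only when the client store trusts exactly the broker's certificate.
compare_listings() {
    b_fp=$(fingerprint "$1"); c_fp=$(fingerprint "$2")
    if [ -z "$b_fp" ] || [ -z "$c_fp" ]; then
        echo "MISSING: alias not present in one of the stores"; return 2
    fi
    if [ "$(entry_type "$1")" != "PrivateKeyEntry" ] ||
       [ "$(entry_type "$2")" != "trustedCertEntry" ]; then
        echo "WRONG-TYPE: expected a key entry on the broker and a trusted cert on the client"; return 3
    fi
    if [ "$b_fp" != "$c_fp" ]; then
        echo "MISMATCH: broker=$b_fp client=$c_fp"; return 1
    fi
    echo "MATCH"
}

# check_stores <broker.ks> <client.ts>: run keytool (same JDK for both, so the
# fingerprint algorithm is the same) and compare the two listings.
check_stores() {
    pw=${STOREPASS:-password}
    b=$(keytool -list -alias broker -keystore "$1" -storepass "$pw" 2>&1) || true
    c=$(keytool -list -alias broker -keystore "$2" -storepass "$pw" 2>&1) || true
    compare_listings "$b" "$c"
}

# Constructed sample listings (fingerprints are made up for illustration).
SAMPLE_BROKER='broker, May 29, 2018, PrivateKeyEntry,
Certificate fingerprint (SHA1): A1:B2:C3:D4:E5:F6:07:18:29:3A:4B:5C:6D:7E:8F:90:A1:B2:C3:D4'
SAMPLE_CLIENT_OK='broker, May 29, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): A1:B2:C3:D4:E5:F6:07:18:29:3A:4B:5C:6D:7E:8F:90:A1:B2:C3:D4'
SAMPLE_CLIENT_STALE='broker, May 02, 2018, trustedCertEntry,
Certificate fingerprint (SHA1): 00:11:22:33:44:55:66:77:88:99:AA:BB:CC:DD:EE:FF:00:11:22:33'
```

On a host with keytool, source the script and run `check_stores broker.ks client.ts` against the truststore file the SSL client actually loads.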
Environment
- Red Hat AMQ
- 6.3.0
