How to create a keystore and truststore to test an SSL connection with Red Hat AMQ 6.3?

Solution Verified - Updated -

Issue

  • I have created the truststore for the client and the server-side keystore as per the documentation, but I am receiving a certificate_unknown error in the logs while testing with an SSL client.
keytool -genkey -alias broker -keyalg RSA -keystore broker.ks -keysize 1024 -validity 3650 -keypass password -storepass password -dname "CN=some.host.local, OU=JBOSS-AMQ, OU=TEST, OU=TEST"

keytool -export -alias broker -keystore broker.ks -file broker_cert

keytool -import -alias broker -keystore client.ts -file broker_cert
  • And in the activemq.xml
    <sslContext>
        <sslContext
            keyStore="${karaf.base}/etc/.certificates/broker.ks"
            keyStorePassword="password"
            />
    </sslContext>

    <transportConnectors>
        <transportConnector name="nio+ssl" uri="nio+ssl://0.0.0.0:61617?transport.enabledProtocols=TLSv1,TLSv1.1,TLSv1.2&amp;maximumConnections=1000&amp;wireFormat.maxFrameSize=104857600&amp;wireFormat.maxInactivityDuration=5000&amp;keepAlive=true"/>
    </transportConnectors>
  • In the amq.log
[2018-05-29T14:22:52.262+1000] | ERROR | vice[amq] Task-1 | TransportConnector               | vemq.broker.TransportConnector$1  242 | 88 - org.apache.activemq.activemq-osgi - 5.11.0.redhat-630283 | Could not accept connection from null: java.io.IOException: javax.net.ssl.SSLException: Received fatal alert: certificate_unknown

Environment

  • Red Hat AMQ
    • 6.3.0
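
The broker log above reports the alert as received, which means the connecting client sent certificate_unknown after rejecting the broker's certificate. As an added example (not part of the original article or of Red Hat's solution), this shell check compares the SHA-256 fingerprint of the broker entry in broker.ks with the entries in client.ts; the function names and the sample listings are constructed for illustration, and the self-signed certificate from the keytool commands above is assumed.

```shell
#!/bin/sh
# Added example: confirm the client truststore holds the broker's certificate.

# Read `keytool -list -v` output on stdin, print its SHA-256 fingerprints.
sha256_fingerprints() {
    sed -n 's/^[[:space:]]*SHA256:[[:space:]]*\([0-9A-Fa-f:]*\).*$/\1/p' |
        tr 'abcdef' 'ABCDEF' | sort -u
}

# $1 = listing of the broker entry, $2 = listing of the truststore.
# Returns 0 if a broker certificate is in the truststore, 1 if not,
# 2 if the broker listing contains no fingerprint at all.
broker_cert_trusted() {
    broker_fp=$(printf '%s\n' "$1" | sha256_fingerprints)
    trust_fp=$(printf '%s\n' "$2" | sha256_fingerprints)
    [ -n "$broker_fp" ] || return 2
    for fp in $broker_fp; do
        if printf '%s\n' "$trust_fp" | grep -qxF "$fp"; then
            return 0
        fi
    done
    return 1
}

# Run the comparison against real stores (file names and alias from the page).
# usage: check_stores broker.ks client.ts <broker storepass> <truststore storepass>
check_stores() {
    b=$(keytool -list -v -alias broker -keystore "$1" -storepass "$3") || return 2
    t=$(keytool -list -v -keystore "$2" -storepass "$4") || return 2
    broker_cert_trusted "$b" "$t"
}

# Constructed sample listings (shortened fingerprints, not real keytool output).
SAMPLE_BROKER='Alias name: broker
Entry type: PrivateKeyEntry
Certificate fingerprints:
     SHA1: 11:22:33:44
     SHA256: AB:CD:EF:01:23:45
Signature algorithm name: SHA256withRSA'
SAMPLE_TS_GOOD='Alias name: broker
Entry type: trustedCertEntry
Certificate fingerprints:
     SHA256: AB:CD:EF:01:23:45'
SAMPLE_TS_OTHER='Alias name: broker
Entry type: trustedCertEntry
Certificate fingerprints:
     SHA256: 99:88:77:66:55:44'
```

A match only shows that the two files agree. The client JVM must also be started with javax.net.ssl.trustStore pointing at client.ts, otherwise it validates the broker against its default trust store.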
