4 Replies Latest reply on Aug 10, 2012 4:51 PM by tapasi_paul2004

    SSL and HornetQ in AS 6.1

    fsl

      I'm trying to configure HornetQ on AS 6.1 so it accepts encrypted connections. I could not find a tutorial on the subject, and only very sparse documentation, but from what I got this should work. But the JavaSE client cannot connect.

       

      The client works if I look up a non-SSL connection factory. If it looks up an SSL-enabled connection factory, it gets a

      javax.jms.JMSException: Failed to create session factory

       

      When calling createConnection:

      ConnectionFactory jmsConnectionFactory = (ConnectionFactory)ctx.lookup("SSLXAConnectionFactory");
      con = jmsConnectionFactory.createConnection();

       

      I changed hornetq-configuration.xml to add a connector and an acceptor:

       

            <connector name="netty-ssl">
               <factory-class>org.hornetq.core.remoting.impl.netty.NettyConnectorFactory</factory-class>
               <param key="host" value="${jboss.bind.address:localhost}"/>
               <param key="port" value="${hornetq.remoting.netty.ssl.port:5446}"/>
               <param key="ssl-enabled" value="true"/>
               <param key="ssl-enabled" value="true"/>
               <param key="key-store-path" value="${jboss.server.home.dir}/conf/jms.keystore"/>
               <param key="key-store-password" value="secreta"/>
            </connector>

       

            <acceptor name="netty-ssl">
               <factory-class>org.hornetq.core.remoting.impl.netty.NettyAcceptorFactory</factory-class>
               <param key="host"  value="${jboss.bind.address:localhost}"/>
               <param key="port"  value="${hornetq.remoting.netty.port.ssl:5446}"/>
               <param key="ssl-enabled" value="true"/>
               <param key="key-store-path" value="${jboss.server.home.dir}/conf/jms.keystore"/>
               <param key="key-store-password" value="secreta"/>
               <param key="trust-store-path" value="${jboss.server.home.dir}/conf/cliente.truststore"/>
               <param key="trust-store-password" value="secreta"/>
            </acceptor>

       

      And changed hornetq-jms.xml to bind a connection factory using them to JNDI:

       

         <connection-factory name="NettySSLConnectionFactory">
            <xa>true</xa>
            <connectors>
               <connector-ref connector-name="netty-ssl"/>
            </connectors>
            <entries>
               <entry name="/SSLConnectionFactory"/>
               <entry name="/SSLXAConnectionFactory"/>
            </entries>
         </connection-factory>

       

      JBoss AS 6.1 starts without an error in server.log.

       

      jms.keystore and client.truststore were generated using keytool, the same way it works to configure a remoting ssl invoker for EJB3.

       

      I even downloaded HornetQ standalone and looked at the examples. It looks like I did the same as the sample "ssl-enabled", but it won't work for me.

       

      Please, any hint on what I did wrong?

       

       

      []s, Fernando Lozano

        • 1. Re: SSL and HornetQ in AS 6.1
          fsl

          Forgot to mention, I also have jms.keystore and client.truststore in the current dir when running the client.

          • 2. Re: SSL and HornetQ in AS 6.1
            gaohoward

            HornetQ has an 'ssl-enabled' example; you can try the example and see if it works.

             

            Howard

            • 3. Re: SSL and HornetQ in AS 6.1
              fsl

              Hi Howard, as I wrote I got my configs from the 'ssl-enabled' example, but it isn't working inside JBoss AS 6.1. I changed a few names, but as far as I can tell my configs and the hornetq example are exactly the same. But mine doesn't work. :-(

               

              No errors in the JBoss log, and netstat shows my netty-ssl port is listening for connections. And the error on the client is not SSL-related, just a JMSException.

               

              I also find it very confusing to have both the keystore and the truststore on the server. How is the remote client supposed to get the certificates?

              • 4. Re: SSL and HornetQ in AS 6.1
                tapasi_paul2004

                Hi,

                 

                    I am also facing a similar issue. Have you found the solution? If so, can you share it? Also, how are you trying to create the connection factory when you use netty ssl?

                Any help is appreciated.