0 Replies Latest reply on Dec 8, 2008 11:19 PM by BlueRHBA

    Problem with SSL configuration


      I am trying to set up "ssl" on top of ActiveMQ. I followed this procedure to configure it:

      1. Generated the Certificate Authority (CA) using OpenSSL.
      C:\ssl>openssl genrsa -des3 -out keys/ca.key 1024
      C:\ssl>openssl req -new -x509 -days 1001 -key keys/ca.key -out certs/ca.cer

      2. Generated the .keystore file using Keytool.
      keytool -genkey -alias tomcat -keyalg RSA

      3. Generated the truststore file using the following command.
      keytool -import -v -keystore server.truststore -storepass 123456 -file ca.cer

      4. Copied the server.truststore file to the tomcat conf directory.

      5. Modified the conf/server.xml file as follows - Uncomment the “SSL HTTP/1.1 Connector”

      <Connector port="8443" minSpareThreads="5" maxSpareThreads="75" enableLookups="true" disableUploadTimeout="true" acceptCount="100" maxThreads="200" scheme="https" secure="true" SSLEnabled="true" keystoreFile="${user.home}/.keystore" keystorePass=<keystore password> SSLCertificateFile="C:\ssl\certs\ca.cer" clientAuth="false" sslProtocol="TLS" />

      Where,
      keystorePass: This is the password that was given while generating the .keystore using keytool.
      SSLCertificateFile: This is the location of the certificate file.

      And, commented the HTTP/1.1 Connector.

      6. Changed the channel from "my-amf" to "my-secure-amf" in flex/WEB-INF/remoting-config.xml.

      7. Changed the channel from "my-polling-amf" to "my-secure-polling-amf" in flex/WEB-INF/messaging-config.xml

      8. Changed the channel ref from "my-amf" to "my-secure-amf" and destination from "DefaultHTTP" to "DefaultHTTPS" in the flex/WEB-INF/proxy-config.xml

      And the definitions of the "my-secure-amf" and "my-secure-polling-amf" are as follows,

      <channel-definition id="my-secure-amf" class="mx.messaging.channels.SecureAMFChannel">
      <endpoint url="https://{server.name}:{server.port}/{context.root}/messagebroker/amfsecure" class="flex.messaging.endpoints.SecureAMFEndpoint"/>
      <properties>
      <add-no-cache-headers>false</add-no-cache-headers>
      </properties>
      </channel-definition>

      <channel-definition id="my-secure-polling-amf" class="mx.messaging.channels.SecureAMFChannel">
      <endpoint url="https://{server.name}:{server.port}/{context.root}/messagebroker/amfsecurepolling" class="flex.messaging.endpoints.SecureAMFEndpoint"/>
      <properties>
      <polling-enabled>true</polling-enabled>
      <polling-interval-seconds>4</polling-interval-seconds>
      </properties>
      </channel-definition>

      However, when I run my Flex application, remoting over the secure channel works fine, but the messaging service does not.

      It throws "Consumer Subscribe Error".

      Please help with configuring this as soon as possible, and let me know whether I am missing something in the configuration procedure.

      Thanks
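
Added example, not part of the original post: a Python check that parses a Tomcat <Connector> element and reports when JSSE keystore attributes are combined with APR/OpenSSL attributes such as SSLCertificateFile (as in step 5), and whether the connector references a truststore at all (steps 3 and 4). The sample connector is constructed from the post with a quoted dummy password; the function name and finding codes are hypothetical.

```python
import xml.etree.ElementTree as ET

# Attribute families as listed in the Tomcat HTTP connector documentation:
# JSSE (Java keystore) versus APR/native (OpenSSL PEM files).
JSSE_ATTRS = {"keystoreFile", "keystorePass", "keystoreType", "keyAlias",
              "truststoreFile", "truststorePass", "clientAuth", "sslProtocol"}
APR_ATTRS = {"SSLCertificateFile", "SSLCertificateKeyFile",
             "SSLCertificateChainFile", "SSLCACertificateFile",
             "SSLPassword", "SSLProtocol", "SSLVerifyClient"}

# Constructed sample: the connector from step 5, with the password
# placeholder replaced by a quoted dummy value so the XML is well-formed.
SAMPLE = r'''<Connector port="8443" scheme="https" secure="true"
    SSLEnabled="true" keystoreFile="${user.home}/.keystore"
    keystorePass="CHANGE_ME" SSLCertificateFile="C:\ssl\certs\ca.cer"
    clientAuth="false" sslProtocol="TLS" />'''


def audit_connector(xml_text):
    """Return (code, detail) findings for one <Connector> element."""
    attrs = ET.fromstring(xml_text).attrib
    present = set(attrs)
    findings = []

    jsse, apr = sorted(JSSE_ATTRS & present), sorted(APR_ATTRS & present)
    if jsse and apr:
        # Each connector implementation reads only its own family, so the
        # other family has no effect on the TLS setup.
        findings.append(("mixed-stacks", "JSSE %s with APR %s" % (jsse, apr)))

    if attrs.get("SSLEnabled", "false").lower() != "true":
        findings.append(("ssl-disabled", "SSLEnabled is not 'true'"))
    if attrs.get("scheme") != "https" or attrs.get("secure") != "true":
        findings.append(("scheme-mismatch", "expected scheme=https, secure=true"))

    client_auth = attrs.get("clientAuth", "false").lower()
    if "truststoreFile" not in present:
        detail = "no truststoreFile: no custom truststore is loaded"
        if client_auth in ("true", "want"):
            detail += ", but clientAuth requests client certificates"
        findings.append(("no-truststore", detail))
    return findings


if __name__ == "__main__":
    for code, detail in audit_connector(SAMPLE):
        print(code + ": " + detail)
```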