Details
- Bug
- Status: Resolved
- Major
- Resolution: Fixed
- None
- None
Ubuntu 11.01, Java OpenJDK Runtime Environment (IcedTea6 1.11pre) (6b23~pre11-0ubuntu1.11.10.2) OpenJDK 64-Bit Server VM (build 20.0-b11, mixed mode)
apache-apollo-99-trunk-20120328.201231-9-unix-distro.tar.gz
Description
After adding 'key_alias=' to the 'key_storage' element, all attempts to connect using SSL fail.
The only thing I see in connection.log is a connect/disconnect sequence. Log files apollo.log and security.log show nothing. I see no real errors in Apollo logs.
The client gets only:
Connection reset by peer
I am running with:
- the Ruby stomp gem 1.2.2 client
- <authentication enabled="false"/>
- default login.config
- client_auth= not specified (defaulted)
The alias name is correct, I believe:
apollo@tjjackson:~/my-broker-snap/etc$ grep servertj apollo.xml
<key_storage file="${apollo.base}/etc/keystore" password="password" key_password="password" key_alias="servertj" />
and:
apollo@tjjackson:~/my-broker-snap/etc$ keytool -list -keystore keystore -storepass password
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 2 entries
clienttjca, Mar 31, 2012, PrivateKeyEntry,
Certificate fingerprint (MD5): FD:F8:2F:94:5F:F2:55:2C:B9:C7:E6:EA:CA:18:52:6C
servertj, Mar 31, 2012, PrivateKeyEntry,
Certificate fingerprint (MD5): F2:F3:89:68:4D:EF:46:EB:23:50:57:76:0B:01:58:58
So, the store has two entries:
1) A server cert
2) A Client CA cert (signs all client certs)
Simply removing key_alias= allows at least some SSL functionality to work.
Let me know what I can do to assist, docs etc., but key_alias= seems to be ........ not functional in general.
Regards, Guy
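
A way to rule out a configuration mistake before suspecting the broker, added here as an example (not code from Apollo or from the reporter): it cross-checks the key_alias attribute of the key_storage element against `keytool -list` output. The function names and status strings are assumptions made for this example; both sample inputs are copied from the report above.

```python
import re
import xml.etree.ElementTree as ET

# Both samples are copied from the report above.
KEY_STORAGE = ('<key_storage file="${apollo.base}/etc/keystore" password="password" '
               'key_password="password" key_alias="servertj" />')
KEYTOOL_LIST = """\
Keystore type: JKS
Keystore provider: SUN
Your keystore contains 2 entries
clienttjca, Mar 31, 2012, PrivateKeyEntry,
Certificate fingerprint (MD5): FD:F8:2F:94:5F:F2:55:2C:B9:C7:E6:EA:CA:18:52:6C
servertj, Mar 31, 2012, PrivateKeyEntry,
Certificate fingerprint (MD5): F2:F3:89:68:4D:EF:46:EB:23:50:57:76:0B:01:58:58
"""

# Entry lines look like "<alias>, <date with a comma>, <type>Entry,"
ENTRY = re.compile(r"^(?P<alias>[^,]+), .+, (?P<kind>\w+Entry),?\s*$")

def parse_keytool_list(text):
    """Map lower-cased alias -> entry type from `keytool -list` output."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries[m.group("alias").lower()] = m.group("kind")
    return entries

def check_key_alias(key_storage_xml, keytool_text):
    """Cross-check key_alias against the keystore listing (hypothetical helper)."""
    alias = ET.fromstring(key_storage_xml).get("key_alias")
    entries = parse_keytool_list(keytool_text)
    private = sorted(a for a, k in entries.items() if k == "PrivateKeyEntry")
    if not alias:
        status = "unset"
    elif alias.lower() not in entries:  # JKS aliases are case-insensitive
        status = "missing"
    elif entries[alias.lower()] != "PrivateKeyEntry":
        status = "not-a-private-key"
    else:
        status = "ok"
    # Other private keys in the same store: the case where alias selection matters.
    others = [a for a in private if not alias or a != alias.lower()]
    return {"alias": alias, "status": status, "other_private_keys": others}

if __name__ == "__main__":
    print(check_key_alias(KEY_STORAGE, KEYTOOL_LIST))
```

For the configuration in this report the status is "ok", so the alias and keystore agree, and `other_private_keys` shows that the same store also holds the private key for clienttjca.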