问题:

客户端无法通过SSL连接到Apache Artemis

曹兴贤
2023-03-14
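    # Build the broker key store (broker_ks.p12) and the client trust store (client_ts.p12)
    # from one self-signed certificate.
    #
    # NOTE(review): every "pass:" argument below puts a secret on the command line, where it is
    # visible in the process list and shell history. openssl also accepts env: and file: sources;
    # prefer those outside a throwaway test.

    # 1. Passphrase-protected 4096-bit RSA key for the broker.
    openssl genrsa -aes256 -passout pass:passphrase -out brokerRoot.key 4096

    # 2. Self-signed certificate for the key created in step 1.
    #    -key reuses that key. Using -newkey/-nodes/-keyout here instead would overwrite
    #    brokerRoot.key with a fresh, unencrypted 2048-bit key and leave -passin without effect.
    #    NOTE(review): the subject CN is "company", while the connector URLs on this page use
    #    "hostname". Clients that verify the host name need the broker's DNS name in the
    #    certificate (CN or subjectAltName). Confirm against your client settings.
    openssl req -new -x509 -key brokerRoot.key -passin pass:passphrase -days 3600 -out brokerRoot.pem -subj "/C=US/ST=Maryland/L=Aberdeen/O=Company/OU=IT/CN=company/emailAddress=test@test.de"

    # 3. Bundle key and certificate into the broker's PKCS12 key store.
    #    -passin unlocks the key from step 1; -password protects the exported store.
    openssl pkcs12 -inkey brokerRoot.key -passin pass:passphrase -in brokerRoot.pem -export -out broker_ks.p12 -password pass:keyStorePassword

    # 4. Create a truststore for the client
    #    NOTE(review): the PKCS12 file written here is later parsed by whichever JVM runs the
    #    client or broker. The answer on this page reports that a store produced by an
    #    OpenJDK 11.0.12 keytool could not be used by the Java 8 runtime in the container.
    #    Run keytool from the same JDK line that will read the store, or check whether your
    #    JDK offers a legacy PKCS12 mode (keystore.pkcs12.legacy system property). Verify for your JDK.
    keytool -import -alias broker -keystore client_ts.p12 -file brokerRoot.pem -deststoretype pkcs12 -storepass trustStorePassword -noprompt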
<?xml version='1.0'?>
<!-- Artemis core configuration as posted with the question (presumably the broker.xml that the
     bootstrap file on this page references). The TLS-relevant parts are the <connectors> and
     <acceptors> sections; the rest covers storage, paging, permissions and address settings. -->

<configuration xmlns="urn:activemq"
               xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
               xmlns:xi="http://www.w3.org/2001/XInclude"
               xsi:schemaLocation="urn:activemq /schema/artemis-configuration.xsd">

   <core xmlns="urn:activemq:core" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="urn:activemq:core ">
      <!-- NOTE(review): the schemaLocation on <core> names the namespace but no schema file.
           It is only a hint to validators, so this is probably harmless. Confirm. -->

      <name>0.0.0.0</name>


      <persistence-enabled>true</persistence-enabled>

      <journal-type>ASYNCIO</journal-type>

      <paging-directory>data/paging</paging-directory>

      <bindings-directory>data/bindings</bindings-directory>

      <journal-directory>data/journal</journal-directory>

      <large-messages-directory>data/large-messages</large-messages-directory>

      <journal-datasync>true</journal-datasync>

      <journal-min-files>2</journal-min-files>

      <journal-pool-files>10</journal-pool-files>

      <journal-device-block-size>4096</journal-device-block-size>

      <journal-file-size>10M</journal-file-size>

      <journal-buffer-timeout>28000</journal-buffer-timeout>


      <journal-max-io>4096</journal-max-io>

      <disk-scan-period>5000</disk-scan-period>

      <!-- NOTE(review): 100 presumably means the disk-usage threshold is never reached before
           the disk is full; confirm this is intended outside a test setup. -->
      <max-disk-usage>100</max-disk-usage>

      <critical-analyzer>true</critical-analyzer>

      <critical-analyzer-timeout>120000</critical-analyzer-timeout>

      <critical-analyzer-check-period>60000</critical-analyzer-check-period>

      <critical-analyzer-policy>HALT</critical-analyzer-policy>


      <page-sync-timeout>1628000</page-sync-timeout>

            <global-max-size>204Mb</global-max-size>
      <!-- Connectors -->
      <!-- Outbound connection definition, referenced by the cluster connection below.
           TLS is enabled and the peer certificate is checked against client_ts.p12.
           NOTE(review): the trust store password is in clear text inside the URL. Keep this file
           readable only by the broker account, and check whether your Artemis version accepts a
           masked ENC(...) value here.
           NOTE(review): the certificate created by the openssl command on this page has
           CN=company while this URL targets "hostname". If host name verification (verifyHost)
           is active for the connector, the handshake would be rejected. Verify. -->
      <connectors>
         <connector name="netty-connector">tcp://hostname:61616?sslEnabled=true;trustStorePath=/home/artemis/client_ts.p12;trustStorePassword=trustStorePassword</connector>
      </connectors>

      <!-- Inbound TLS listener on port 61616. Only the broker key store is configured and the URL
           carries no needClientAuth, so clients are presumably not asked for a certificate.
           NOTE(review): no enabledProtocols or enabledCipherSuites are set, so the defaults of the
           JVM running the broker apply.
           NOTE(review): broker_ks.p12 is parsed by that same JVM. The answer on this page reports
           that a store generated with OpenJDK 11.0.12 was not usable from the Java 8 runtime in
           the container, so generate the store with the JDK line that will read it.
           NOTE(review): the bootstrap file on this page reads the stores from /home/artemis_certs/,
           this URL from /home/artemis/. Confirm both paths exist inside the container. -->
      <acceptors>
        <acceptor name="netty-acceptor">tcp://hostname:61616?sslEnabled=true;keyStorePath=/home/artemis/broker_ks.p12;keyStorePassword=keyStorePassword</acceptor>
      </acceptors>

      <!-- Cluster connection that uses the TLS connector defined above. -->
      <cluster-connections>
         <cluster-connection name="my-cluster">
            <connector-ref>netty-connector</connector-ref>
            <retry-interval>1000</retry-interval>
            <retry-interval-multiplier>3</retry-interval-multiplier>
            <use-duplicate-detection>true</use-duplicate-detection>
            <message-load-balancing>STRICT</message-load-balancing>
         </cluster-connection>
      </cluster-connections>

      <!-- Authorization: for every address ("#") the single role amq receives all listed
           permissions, including manage. NOTE(review): consider narrower matches and separate
           roles for producers, consumers and administrators if this leaves a test environment. -->
      <security-settings>
         <security-setting match="#">
            <permission type="createNonDurableQueue" roles="amq"/>
            <permission type="deleteNonDurableQueue" roles="amq"/>
            <permission type="createDurableQueue" roles="amq"/>
            <permission type="deleteDurableQueue" roles="amq"/>
            <permission type="createAddress" roles="amq"/>
            <permission type="deleteAddress" roles="amq"/>
            <permission type="consume" roles="amq"/>
            <permission type="browse" roles="amq"/>
            <permission type="send" roles="amq"/>
            <!-- we need this otherwise ./artemis data imp wouldn't work -->
            <permission type="manage" roles="amq"/>
         </security-setting>
      </security-settings>

      <!-- Pre-defined anycast addresses: the example queue plus the dead-letter and expiry queues
           that the address settings below refer to. -->
      <addresses>
         <address name="exampleQueue">
            <anycast>
               <queue name="exampleQueue"/>
            </anycast>
         </address>
         <address name="DLQ">
            <anycast>
               <queue name="DLQ" />
            </anycast>
         </address>
         <address name="ExpiryQueue">
            <anycast>
               <queue name="ExpiryQueue" />
            </anycast>
         </address>
      </addresses>

      <address-settings>
         <!-- if you define auto-create on certain queues, management has to be auto-create -->
         <address-setting match="activemq.management#">
            <dead-letter-address>DLQ</dead-letter-address>
            <expiry-address>ExpiryQueue</expiry-address>
            <redelivery-delay>0</redelivery-delay>
            <!-- with -1 only the global-max-size is in use for limiting -->
            <max-size-bytes>-1</max-size-bytes>
            <message-counter-history-day-limit>10</message-counter-history-day-limit>
            <address-full-policy>PAGE</address-full-policy>
            <auto-create-queues>true</auto-create-queues>
            <auto-create-addresses>true</auto-create-addresses>
            <auto-create-jms-queues>true</auto-create-jms-queues>
            <auto-create-jms-topics>true</auto-create-jms-topics>
         </address-setting>
         <!--default for catch all-->
         <!-- NOTE(review): auto-creation is enabled for every address here, and the role amq holds
              the create permissions above, so any client in that role can presumably create new
              addresses and queues just by using them. Confirm this is wanted. -->
         <address-setting match="#">
            <dead-letter-address>DLQ</dead-letter-address>
            <expiry-address>ExpiryQueue</expiry-address>
            <redelivery-delay>0</redelivery-delay>
            <!-- with -1 only the global-max-size is in use for limiting -->
            <max-size-bytes>-1</max-size-bytes>
            <message-counter-history-day-limit>10</message-counter-history-day-limit>
            <address-full-policy>PAGE</address-full-policy>
            <auto-create-queues>true</auto-create-queues>
            <auto-create-addresses>true</auto-create-addresses>
            <auto-create-jms-queues>true</auto-create-jms-queues>
            <auto-create-jms-topics>true</auto-create-jms-topics>
         </address-setting>
         <!-- Settings for exampleQueue: 1000 between redeliveries, at most 3 delivery attempts,
              with DLQ as the dead-letter address. -->
         <address-setting match="exampleQueue">            
            <dead-letter-address>DLQ</dead-letter-address>                      
            <redelivery-delay>1000</redelivery-delay>    
            <max-delivery-attempts>3</max-delivery-attempts>
            <max-size-bytes>-1</max-size-bytes>
            <page-size-bytes>1048576</page-size-bytes>
            <message-counter-history-day-limit>10</message-counter-history-day-limit>
            <address-full-policy>PAGE</address-full-policy>
        </address-setting>
      </address-settings>
   </core>
</configuration>
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Bootstrap file as posted with the question: selects the JAAS domain, points at the core
     configuration file and declares the HTTPS endpoint that serves the listed .war applications. -->

<broker xmlns="http://activemq.org/schema">
   <jaas-security domain="activemq"/>
   <!-- NOTE(review): the configuration lives under /home/artemis-broker/, while the key and trust
        stores on this page are referenced under /home/artemis/ and /home/artemis_certs/.
        Confirm all three locations exist inside the container. -->
   <server configuration="file:/home/artemis-broker/etc//broker.xml"/>

   <!-- HTTPS endpoint bound to every interface (0.0.0.0) on port 8161.
        NOTE(review): both store passwords are kept in clear text in this file. Restrict its
        permissions to the broker account, and check whether your Artemis version accepts masked
        ENC(...) values for these attributes.
        NOTE(review): a trust store is configured although no client-certificate setting is
        visible on this element; presumably it is unused unless client authentication is enabled.
        NOTE(review): these PKCS12 files are parsed by the JVM that runs the broker, so they must
        be in a format that JVM supports (see the answer on this page about JDK versions). -->
   <web bind="https://0.0.0.0:8161" path="web" keyStorePath="/home/artemis_certs/broker_ks.p12" keyStorePassword="keyStorePassword" trustStorePath="/home/artemis_certs/client_ts.p12" trustStorePassword="trustStorePassword">
       <app url="activemq-branding" war="activemq-branding.war"/>
       <app url="artemis-plugin" war="artemis-plugin.war"/>
       <app url="console" war="console.war"/>
   </web>
</broker>
# Client-side connection settings: broker URL with TLS enabled and the trust store used to
# verify the broker certificate.
# NOTE(review): trustStorePath is relative, so it is resolved against the client's working
# directory; confirm the file is found at runtime.
# NOTE(review): the trust store is parsed by the client's JVM and must be in a PKCS12 format
# that JVM version supports (see the answer on this page about JDK versions).
# NOTE(review): the trust store password is in clear text in this URL.
jms.artemis.broker.url=tcp://hostname:61616?sslEnabled=true&trustStorePath=./certs/client_ts.p12&trustStorePassword=trustStorePassword
# NOTE(review): admin/admin looks like a default credential pair. Use a dedicated account with
# only the permissions the client needs, and load the password from the environment or a secret
# store rather than from this file.
jms.artemis.user=admin
jms.artemis.password=admin

共有1个答案

陆昊
2023-03-14

我们在一个 Docker 容器中运行 Artemis。密钥库是用 OpenJDK 11.0.12(版本 A)生成的,而 Docker 容器中的 Java 版本是 1.8.0_302(版本 B)。

用版本 A 生成的密钥库(keystore)与版本 B 不兼容。发现这一点后,我们在 Docker 容器中用版本 B 重新生成了密钥库,之后一切运行正常。

这个答案对我们很有帮助:https://stackoverflow.com/a/65784061/4578611
