1

我想创建一个嵌入式 ActiveMQ 代理,它使用客户端身份验证机制 (TLS) 侦听 SSL 协议。

这是我希望这样做的代码:

//loading keystore from file    
KeyStore keystore = KeyStore.getInstance("pkcs12");

File ksfile = new File("/home/me/client1.pkcs12");
FileInputStream ksfis = new FileInputStream(ksfile);

keystore.load(ksfis, "password".toCharArray());

//loading truststore from file
KeyStore truststore = KeyStore.getInstance("jks");
truststore.load(new FileInputStream(new File("/home/me/client1.truststore")), "password"
                .toCharArray());

KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory
        .getDefaultAlgorithm());
kmf.init(keystore, "password".toCharArray());

TrustManagerFactory tmf = TrustManagerFactory
        .getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(truststore);

//broker definition
String cfURI = "ssl://localhost:2032";
BrokerService brokerService = new BrokerService();
brokerService.addConnector(cfURI);

//configure ssl context for the broker
SslContext sslContext = new SslContext(kmf.getKeyManagers(),tmf.getTrustManagers(), null);

//need client authentication
sslContext.getSSLContext().getDefaultSSLParameters().setNeedClientAuth(true);
sslContext.getSSLContext().getDefaultSSLParameters().setWantClientAuth(true);

brokerService.setSslContext(sslContext);
brokerService.start();

当我在主程序中执行前面的代码时,出现以下错误:

GRAVE: Could not accept connection : javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.

欢迎提出任何建议!

谢谢阅读。

4

2 回答 2

1

您的客户是否在其信任库中设置了来自代理的证书?恐怕这就是你遇到的问题。

除此之外,如果您也粘贴客户端代码可能会有所帮助

于 2013-05-06T13:29:33.180 回答
0

从客户端连接时,我使用 ActiveMQConnectionFactory 而不是 ActiveMQSslConnectionFactory 收到此错误

于 2012-07-13T10:39:31.413 回答