1

我已经设置了一个由四个节点(两个主代理,两个从代理)组成的 artemis 集群,并希望使用 ssl 对其进行保护。当我启动主代理 1 时,它没有错误地启动。当我启动从代理 1 时,会出现以下堆栈跟踪:

2020-06-29 09:35:09,936 ERROR [org.apache.activemq.artemis.core.client] AMQ214016: Failed to create netty connection: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
    at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1529) [jsse.jar:1.8.0_162]
    at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535) [jsse.jar:1.8.0_162]
    at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813) [jsse.jar:1.8.0_162]
    at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781) [jsse.jar:1.8.0_162]
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) [rt.jar:1.8.0_162]
    at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:295) [netty-all-4.1.34.Final.jar:4.1.34.Final]
    at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1330) [netty-all-4.1.34.Final.jar:4.1.34.Final]
    at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1225) [netty-all-4.1.34.Final.jar:4.1.34.Final]
    at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1272) [netty-all-4.1.34.Final.jar:4.1.34.Final]
    at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:502) [netty-all-4.1.34.Final.jar:4.1.34.Final]
    at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:441) [netty-all-4.1.34.Final.jar:4.1.34.Final]
    at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:278) [netty-all-4.1.34.Final.jar:4.1.34.Final]
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359) [netty-all-4.1.34.Final.jar:4.1.34.Final]
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:345) [netty-all-4.1.34.Final.jar:4.1.34.Final]
    at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:337) [netty-all-4.1.34.Final.jar:4.1.34.Final]
    at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1408) [netty-all-4.1.34.Final.jar:4.1.34.Final]
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359) [netty-all-4.1.34.Final.jar:4.1.34.Final]
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:345) [netty-all-4.1.34.Final.jar:4.1.34.Final]
    at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:930) [netty-all-4.1.34.Final.jar:4.1.34.Final]
    at 

io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163) [netty-all-4.1.34.Final.jar:4.1.34.Final]
        at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:677) [netty-all-4.1.34.Final.jar:4.1.34.Final]
        at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:612) [netty-all-4.1.34.Final.jar:4.1.34.Final]
        at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:529) [netty-all-4.1.34.Final.jar:4.1.34.Final]
        at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:491) [netty-all-4.1.34.Final.jar:4.1.34.Final]
        at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:905) [netty-all-4.1.34.Final.jar:4.1.34.Final]
        at org.apache.activemq.artemis.utils.ActiveMQThreadFactory$1.run(ActiveMQThreadFactory.java:118) [artemis-commons-2.11.0.jar:2.11.0]
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) [jsse.jar:1.8.0_162]
        at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1728) [jsse.jar:1.8.0_162]
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:330) [jsse.jar:1.8.0_162]
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322) [jsse.jar:1.8.0_162]
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614) [jsse.jar:1.8.0_162]
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) [jsse.jar:1.8.0_162]
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052) [jsse.jar:1.8.0_162]
        at sun.security.ssl.Handshaker$1.run(Handshaker.java:992) [jsse.jar:1.8.0_162]
        at sun.security.ssl.Handshaker$1.run(Handshaker.java:989) [jsse.jar:1.8.0_162]
        at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.8.0_162]
        at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1467) [jsse.jar:1.8.0_162]
        at io.netty.handler.ssl.SslHandler.runAllDelegatedTasks(SslHandler.java:1500) [netty-all-4.1.34.Final.jar:4.1.34.Final]
        at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1514) [netty-all-4.1.34.Final.jar:4.1.34.Final]
        at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1398) [netty-all-4.1.34.Final.jar:4.1.34.Final]
        ... 19 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397) [rt.jar:1.8.0_162]
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302) [rt.jar:1.8.0_162]
        at sun.security.validator.Validator.validate(Validator.java:260) [rt.jar:1.8.0_162]
        at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) [jsse.jar:1.8.0_162]
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281) [jsse.jar:1.8.0_162]
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) [jsse.jar:1.8.0_162]
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1601) [jsse.jar:1.8.0_162]

这是主配置

<connectors>
    <connector name="netty-connector">tcp://localhost:61616?sslEnabled=true;keyStorePath=activemq.example.keystore;keyStorePassword=activemqexample</connector>
</connectors>

<acceptors>
     <acceptor name="netty-ssl-acceptor">tcp://localhost:61616?sslEnabled=true;keyStorePath=activemq.example.keystore;keyStorePassword=activemqexample</acceptor>
</acceptors>

这是从配置

<connectors>
     <connector name="netty-connector">tcp://localhost:61617?sslEnabled=true;keyStorePath=activemq.example.keystore;keyStorePassword=activemqexample</connector>          
     <connector name="server1-netty-live-connector">tcp://localhost:61616?sslEnabled=true;keyStorePath=activemq.example.keystore;keyStorePassword=activemqexample</connector>
 </connectors>

<acceptors>
     <acceptor name="netty-ssl-acceptor">tcp://localhost:61617?sslEnabled=true;keyStorePath=activemq.example.keystore;keyStorePassword=activemqexample</acceptor>
</acceptors>

我在windows 10下安装了证书。谁能解释一下是什么问题以及如何解决?

4

0 回答 0