I am trying to do a broker setup as follows:

- All transportConnectors are ssl only and all have needClientAuth set to true
- All networkConnectors are over ssl and the endpoint also requires ClientAuth

I need to find a way to have the transportConnectors and the networkConnectors use DIFFERENT SSL certificates. Server and client certificates are done a bit differently and, very importantly, an activemq client will fail to connect to a broker that uses a client certificate for its transportConnector. So, the transportConnector needs to use the SERVER certificate and the networkConnector needs to use the CLIENT certificate.

I have tried putting both certificates (and their keys) into the same keystore. When I do that, activemq always uses the client certificate for both connectors and all client connections to the broker fail (but the networkConnector does work). It just won't use the server certificate, no matter how I build the keystore (what order the certs are in, etc).

I don't see any way to specify more than one keystore. Nor do I see any way to tell the connectors which certificate (or specific keystore) to use. So I can get either ssl transportConnector to work or ssl networkConnector to work, but not both at the same time with required certificate auth.

Any help would be very appreciated!

-adam

--
View this message in context: http://activemq.2283324.n4.nabble.com/Different-SSL-Certificates-for-transportConnector-vs-networkConnector-tp3174842p3174842.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
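
An added example, not part of the original post and not ActiveMQ code: at the JSSE level, a key manager wrapper can pin one keystore entry for the accepting (server) role and another for the connecting (client) role, both from the single keystore described above. The class name `RoleKeyManager` and the alias arguments are hypothetical, and wiring the resulting `SSLContext` into the broker is assumed and not shown.

```java
import java.io.FileInputStream;
import java.net.Socket;
import java.security.KeyStore;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import javax.net.ssl.*;

// Hypothetical class: pins one keystore alias per TLS role instead of letting
// the default key manager pick whichever matching entry it finds first.
// Each pinned key must suit the negotiated cipher suite or the handshake fails.
public class RoleKeyManager extends X509ExtendedKeyManager {
    private final X509ExtendedKeyManager base;
    private final String serverAlias, clientAlias;

    RoleKeyManager(X509ExtendedKeyManager base, String serverAlias, String clientAlias) {
        this.base = base; this.serverAlias = serverAlias; this.clientAlias = clientAlias;
    }
    // Accepting side of a handshake (the transportConnector role in the post).
    @Override public String chooseServerAlias(String t, Principal[] i, Socket s) { return serverAlias; }
    @Override public String chooseEngineServerAlias(String t, Principal[] i, SSLEngine e) { return serverAlias; }
    // Connecting side of a handshake (the networkConnector role in the post).
    @Override public String chooseClientAlias(String[] t, Principal[] i, Socket s) { return clientAlias; }
    @Override public String chooseEngineClientAlias(String[] t, Principal[] i, SSLEngine e) { return clientAlias; }
    // Key and chain lookups are delegated to the keystore-backed manager.
    @Override public String[] getServerAliases(String t, Principal[] i) { return base.getServerAliases(t, i); }
    @Override public String[] getClientAliases(String t, Principal[] i) { return base.getClientAliases(t, i); }
    @Override public X509Certificate[] getCertificateChain(String a) { return base.getCertificateChain(a); }
    @Override public PrivateKey getPrivateKey(String a) { return base.getPrivateKey(a); }

    static SSLContext build(KeyStore ks, char[] pw, String serverAlias, String clientAlias) throws Exception {
        if (!ks.isKeyEntry(serverAlias) || !ks.isKeyEntry(clientAlias))
            throw new IllegalArgumentException("keystore lacks a private-key entry for one of the aliases");
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, pw); // assumes both key entries share this password
        X509ExtendedKeyManager base = null;
        for (KeyManager km : kmf.getKeyManagers())
            if (km instanceof X509ExtendedKeyManager) base = (X509ExtendedKeyManager) km;
        if (base == null) throw new IllegalStateException("no X509ExtendedKeyManager available");
        SSLContext ctx = SSLContext.getInstance("TLS");
        // null trust managers selects the JVM default trust store; a broker that
        // requires client certificates would pass its own trust managers here.
        ctx.init(new KeyManager[] { new RoleKeyManager(base, serverAlias, clientAlias) }, null, null);
        return ctx;
    }

    // Usage: java RoleKeyManager <keystore> <password> <serverAlias> <clientAlias>
    public static void main(String[] a) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (FileInputStream in = new FileInputStream(a[0])) { ks.load(in, a[1].toCharArray()); }
        System.out.println(build(ks, a[1].toCharArray(), a[2], a[3]).getProtocol());
    }
}
```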