Is it possible to keep two certificates in ActiveMQ to communicate with two
different clients (i.e. an old client with the old certificate and a new client
with the new certificate)? In the ActiveMQ keystore file I have imported the
two keys of the old and new certificates.

In this setup the new client is communicating fine and the old client is unable
to communicate with ActiveMQ. I get the following exception when the client
tries to connect to ActiveMQ:

javax.jms.JMSException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
    at org.apache.activemq.util.JMSExceptionSupport.create(JMSExceptionSupport.java:62)
    at org.apache.activemq.ActiveMQConnection.syncSendPacket(ActiveMQConnection.java:1298)
    at org.apache.activemq.ActiveMQConnection.ensureConnectionInfoSent(ActiveMQConnection.java:1382)
    at org.apache.activemq.ActiveMQConnection.createSession(ActiveMQConnection.java:309)
    at com.sample.ssl.job.handler.MessageQueueLocator.getJmsSession(Unknown Source)
    at com.sample.ssl.job.handler.MessageQueueLocator.sendMessageToGeneralQueue(Unknown Source)
    at com.sample.ssl.communication.JobResposeDispatcherInvoker.dispatchStartupMessage(Unknown Source)
    at com.sample.ssl.job.MessageDispatchJob.dispatchStartupMessage(Unknown Source)
    at com.sample.ssl.job.MessageDispatchJob.execute(Unknown Source)
    at org.quartz.core.JobRunShell.run(JobRunShell.java:202)
    at org.quartz.simpl.SimpleThreadPool$WorkerThread.run(SimpleThreadPool.java:529)
Caused by: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
    at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Alerts.java:174)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1731)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:241)
    at com.sun.net.ssl.internal.ssl.Handshaker.fatalSE(Handshaker.java:235)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1206)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:136)
    at com.sun.net.ssl.internal.ssl.Handshaker.processLoop(Handshaker.java:593)
    at com.sun.net.ssl.internal.ssl.Handshaker.process_record(Handshaker.java:529)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:925)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1170)
    at com.sun.net.ssl.internal.ssl.SSLSocketImpl.writeRecord(SSLSocketImpl.java:637)
    at com.sun.net.ssl.internal.ssl.AppOutputStream.write(AppOutputStream.java:89)
    at org.apache.activemq.transport.tcp.TcpBufferedOutputStream.flush(TcpBufferedOutputStream.java:115)
    at java.io.DataOutputStream.flush(DataOutputStream.java:106)
    at org.apache.activemq.transport.tcp.TcpTransport.oneway(TcpTransport.java:181)
    at org.apache.activemq.transport.InactivityMonitor.oneway(InactivityMonitor.java:255)
    at org.apache.activemq.transport.WireFormatNegotiator.sendWireFormat(WireFormatNegotiator.java:168)
    at org.apache.activemq.transport.WireFormatNegotiator.sendWireFormat(WireFormatNegotiator.java:84)
    at org.apache.activemq.transport.WireFormatNegotiator.start(WireFormatNegotiator.java:74)
    at org.apache.activemq.transport.failover.FailoverTransport.doReconnect(FailoverTransport.java:844)
    at org.apache.activemq.transport.failover.FailoverTransport$2.iterate(FailoverTransport.java:135)
    at org.apache.activemq.thread.PooledTaskRunner.runTask(PooledTaskRunner.java:122)
    at org.apache.activemq.thread.PooledTaskRunner$1.run(PooledTaskRunner.java:43)
    at java.util.concurrent.ThreadPoolExecutor$Worker.runTask(ThreadPoolExecutor.java:886)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:908)
    at java.lang.Thread.run(Thread.java:662)
Caused by: sun.security.validator.ValidatorException: PKIX path validation failed: java.security.cert.CertPathValidatorException: signature check failed
    at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:289)
    at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:263)
    at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:184)
    at sun.security.validator.Validator.validate(Validator.java:218)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:126)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:209)
    at com.sun.net.ssl.internal.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:249)
    at com.sun.net.ssl.internal.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1185)
    ... 21 more
Caused by: java.security.cert.CertPathValidatorException: signature check failed
    at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:139)
    at sun.security.provider.certpath.PKIXCertPathValidator.doValidate(PKIXCertPathValidator.java:330)
    at sun.security.provider.certpath.PKIXCertPathValidator.engineValidate(PKIXCertPathValidator.java:178)
    at java.security.cert.CertPathValidator.validate(CertPathValidator.java:250)
    at sun.security.validator.PKIXValidator.doValidate(PKIXValidator.java:275)
    ... 28 more
Caused by: java.security.SignatureException: Signature does not match.
    at sun.security.x509.X509CertImpl.verify(X509CertImpl.java:421)
    at sun.security.provider.certpath.BasicChecker.verifySignature(BasicChecker.java:133)
    at sun.security.provider.certpath.BasicChecker.check(BasicChecker.java:112)
    at sun.security.provider.certpath.PKIXMasterCertPathValidator.validate(PKIXMasterCertPathValidator.java:117)
    ... 32 more

Can anyone explain to me why this is not working, and why I am getting this
error? If I am doing anything wrong, please direct me in the correct way.



--
View this message in context: 
http://activemq.2283324.n4.nabble.com/Is-it-possible-to-keep-two-certificates-in-activemq-ssl-context-tp4725736.html
Sent from the ActiveMQ - User mailing list archive at Nabble.com.
