I think it should work; the TLS configuration is independent. The callback is the "name" of the connector/locator. I guess if you can narrow it down a little, and maybe generate logging with the system property -Djavax.net.debug=all, it may be clear what is going wrong.

On Sun, 18 Apr 2021 at 16:49, Dondorp, Erwin <erwin.dond...@cgi.com> wrote:
>
> Hello!
>
> I'm struggling with the use of SSL in my pair of brokers that are connected
> using the federation mechanism from Artemis.
> Clients can successfully connect to either broker using ssl; and the
> federation setup also works using non-ssl.
> And it also works for upstream traffic using ssl, but so far not for
> downstream traffic using ssl.
>
> --> The quick question: has anyone successfully used downstream federation
> with ssl?
>
> Here are some more details that I already have...
> In my case, broker A sets up the federation connections, for both upstream
> and downstream.
> But broker B complains about "AMQ214016: Failed to create netty connection:
> javax.net.ssl.SSLHandshakeException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target" ... "Caused by:
> sun.security.validator.ValidatorException: PKIX path building failed:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target" ... "Caused by:
> sun.security.provider.certpath.SunCertPathBuilderException: unable to find
> valid certification path to requested target"
> I did provide the location of the truststore on both A and B, and I know that
> A first sends a callback url to B, so that B can connect back to A. And
> therefore the truststore on B is also important.
> So, I am quite sure it should be working. Any "yes" answer on the above
> question may help to decide whether this can be done, or that I'm hitting a
> bug.
>
> Thx!
> e.
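
The thread describes broker A sending a callback to broker B, and the reply calls that callback the "name" of a connector. As an added illustration (not configuration from either poster or from the Artemis project), this sketch shows how broker A's `broker.xml` could name that connector for a downstream link over TLS; every host name, connector name, path and password is a placeholder.

```xml
<!-- Added example: fragment of broker A's broker.xml. All names, hosts,
     paths and passwords are placeholders, not values from the thread. -->
<acceptors>
   <!-- TLS acceptor on A that broker B dials when it connects back. -->
   <acceptor name="tls-acceptor">tcp://0.0.0.0:61617?sslEnabled=true;keyStorePath=/path/to/broker-a-keystore.p12;keyStorePassword=CHANGE_ME</acceptor>
</acceptors>

<connectors>
   <!-- Used by A to reach B when it sets up the federation. -->
   <connector name="broker-b">tcp://broker-b.example:61617?sslEnabled=true;trustStorePath=/path/to/truststore.p12;trustStorePassword=CHANGE_ME</connector>

   <!-- The callback: the connector B uses to connect back to A.
        B performs the TLS handshake on this connection, so the
        certificate served by A's acceptor has to chain to an entry in
        the trust store that B actually loads. -->
   <connector name="broker-a-callback">tcp://broker-a.example:61617?sslEnabled=true;trustStorePath=/path/to/truststore.p12;trustStorePassword=CHANGE_ME</connector>
</connectors>

<federations>
   <federation name="a-to-b" user="FEDERATION_USER" password="CHANGE_ME">
      <downstream name="b-downstream">
         <static-connectors>
            <connector-ref>broker-b</connector-ref>
         </static-connectors>
         <!-- Refers to the callback connector above by name. -->
         <upstream-connector-ref>broker-a-callback</upstream-connector-ref>
         <policy ref="queue-federation"/>
      </downstream>

      <queue-policy name="queue-federation">
         <include queue-match="#" address-match="#"/>
      </queue-policy>
   </federation>
</federations>
```

With `-Djavax.net.debug=all` set on broker B, the handshake output for the connection made through the callback connector shows which certificate chain A presented and which trust anchors B loaded for it.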