On 24 May 2016 at 09:26, Gordon Sim <g...@redhat.com> wrote: > On 24/05/16 03:37, Steven wrote: >> >> Hello,every one, >> >> I was using the latest amqp 1.0 api to connect to broker ssl,The >> connection >> url is >> connectionfactory.qpidConnectionfactory = >> >> amqps://192.168.82.57:5673?transport.trustStoreLocation=F:\\AMQP\\QpidSSL\\clientts.jks&transport.trustStorePassword=123456 >> >> it reported the following error: >> javax.naming.NamingException: Exception while creating ConnectionFactory >> 'qpidConnectionfactory'. [Root exception is >> java.lang.IllegalArgumentException: Invalid remote URI: >> >> amqps://192.168.82.57:5673?transport.trustStoreLocation=F:\AMQP\QpidSSL\clientts.jks&transport.trustStorePassword=123456] > > > My guess would be an issue with the backslash character. >
Yes, I mentioned this yesterday on QPID-7275. The below proves that the backslash is the problem, as after changing it the URI then worked but a new issue occurs later in the connection process. > [...] >> >> I also try the following connection url: >> connectionfactory.qpidConnectionfactory = >> >> amqps://192.168.82.57:5673?transport.trustStoreLocation=F:/AMQP/QpidSSL/clientts.jks&transport.trustStorePassword=123456 >> >> It reported the following error: >> 2016-05-24 10:35:01,860 [main ] - ERROR JmsConnectionFactory >> - Failed to create JMS Provider instance for: amqps >> Caught exception, exiting. >> javax.jms.JMSException: Failed to create connection to: >> >> amqps://192.168.82.57:5673?transport.trustStoreLocation=F%253A%252FAMQP%252FQpidSSL%252Fclientts.jks&transport.trustStorePassword=123456 > > [...] > > This one looks like it may be related to hostname verification. You are > connecting by IP address. What is the CN of your certificate? Is it a > hostname? Does using the hostname as in the certificate work? As Gordon mentioned, the stacktrace looks to show a failure during server identity verification, seemingly with the IP address you are using as the 'hostname' to connect to not aligning with the identity of the certificate received from the server. You likely need to use the appropriate hostname rather than IP (so amqps://serverhost...etc..) when connecting, or update your presumably test-only certificates, or disable the hostname verification (which would obviously not be the preferred route). > >> Caused by: java.security.cert.CertificateException: No subject alternative >> names present >> at sun.security.util.HostnameChecker.matchIP(Unknown Source) >> at sun.security.util.HostnameChecker.match(Unknown Source) >> at sun.security.ssl.X509TrustManagerImpl.checkIdentity(Unknown >> Source) >> at sun.security.ssl.X509TrustManagerImpl.checkIdentity(Unknown >> Source) >> at sun.security.ssl.X509TrustManagerImpl.checkTrusted(Unknown >> Source) >> at >> sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(Unknown Source) >> ... 22 more >> >> I can through other means to connect broker successfully(qpid-0.32 >> api),This >> proved the certificate is fine.Could anyone help me look into this >> issue.Thanks in Advance > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: users-unsubscr...@qpid.apache.org > For additional commands, e-mail: users-h...@qpid.apache.org > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscr...@qpid.apache.org For additional commands, e-mail: users-h...@qpid.apache.org
