  1. JBoss A-MQ
  2. ENTMQ-1754

[AMQP] Can't connect to broker with SSL and Windows AMQP.Net Lite client


    • Type: Bug
    • Resolution: Won't Do
    • Priority: Major
    • None
    • Jboss A-MQ 7.0.0.ER7
    • amqp

      Cert generation

      The cert generation is done on Windows using script gen-win-ssl-certs.bat. This script is available at private repo
      origin https://github.com/ChugR/amq7-documentation-contrib branch contrib-lite-certs

      Cert distribution

      Install the certs on Windows and Linux per my blog post about ActiveMQ and SSL

      Configure broker

      The broker.xml is attached as a separate file. The important line is

      +         <acceptor name="amqps">tcp://0.0.0.0:5671?sslEnabled=true;keyStorePath=${data.dir}/../lite-certs/certs/broker-jks.keystore;keyStorePassword=password;protocols=AMQP</acceptor>
      

      Run the tests

      As described above.


      Verify that the certs work using A-MQ6

      I ran the broker side keyStore only (no trustStore) in jboss-a-mq-6.2.0.redhat-133 and it works as expected.

      A-MQ7 results

      The SSL negotiation appears to start from my network traces and some AMQP messages are sent through the SSL tunnel.

      Sending with admin:admin SASL my client sees:

      D:\Users\crolke\brew-lite-kits\1.1.8.0\amqpnetlite\bin\Debug>simple_send.exe amqps://admin:admin@10.10.59.208:5671 my-queue 5
      [02:26.486] SEND AMQP 3 1 0 0
      [02:26.502] SEND sasl-init(mechanism:PLAIN,initial-response:0061646D696E0061646D696E,hostname:10.10.59.208)
      [02:26.674] RECV AMQP 3 1 0 0
      [02:26.674] RECV sasl-mechanisms(sasl-server-mechanisms:[PLAIN])
      [02:26.674] RECV sasl-outcome(code:1)
      
      Unhandled Exception: Amqp.AmqpException: Sasl negotiation failed with code Auth.
      

      If I run with no admin:admin credentials I see:

      D:\Users\crolke\brew-lite-kits\1.1.8.0\amqpnetlite\bin\Debug>simple_send.exe amqps://10.10.59.208:5671 my-queue 5
      [02:10.846] SEND AMQP 0 1.0.0
      [02:10.846] SEND (ch=0) open(container-id:a02510b2-8db2-4d99-a8c7-b083411570fb,host-name:10.10.59.208,max-frame-size:262144,channel-max:256)
      [02:10.846] SEND (ch=0) begin(next-outgoing-id:4294967293,incoming-window:2048,outgoing-window:2048,handle-max:4294967295)
      [02:10.861] SEND (ch=0) attach(name:sender,handle:0,role:False,source:source(),target:target(address:my-queue),initial-delivery-count:0)
      [02:10.908] RECV AMQP 0 1 0 0
      [02:10.955] RECV (ch=0) open(container-id:,host-name:,max-frame-size:4294967295,channel-max:65535,idle-time-out:30000)
      [02:11.080] RECV (ch=65535) attach(name:sender,handle:0,role:True,snd-settle-mode:2,rcv-settle-mode:0,source:source())
      [02:11.221] SEND (ch=0) close(error:error(condition:amqp:not-found,description:The session channel '65535' cannot be found.))
      [02:11.377] RECV (ch=0) close()
      
      Unhandled Exception: Amqp.AmqpException: amqp:message:released
      

      I expect that there is a variety of issues going on here.

        1. artemis.log
          4 kB
        2. broker.xml
          5 kB

            Assignee: Unassigned
            crolke@redhat.com Chuck Rolke (Inactive)
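
Added example, not part of the original report and not AMQP.Net Lite or broker code: a small Python triage script for the two client traces quoted above. It decodes the SASL PLAIN initial-response (which shows that a saved frame trace carries the credentials in recoverable form), names the `sasl-outcome` code, and flags session-level frames that arrive on a channel the peer never opened with `begin`. The function names and the finding strings are assumptions of this example; the code meanings and the channel rule are taken from the AMQP 1.0 specification and RFC 4616, not from the report.

```python
import re

# sasl-outcome codes defined by AMQP 1.0 (0 = ok, anything else is a failure)
SASL_CODES = {0: "ok", 1: "auth", 2: "sys", 3: "sys-perm", 4: "sys-temp"}
# Frames that are only valid inside a session the sender has already begun
SESSION_FRAMES = {"attach", "flow", "transfer", "disposition", "detach", "end"}
FRAME = re.compile(r"^\[[\d:.]+\] (SEND|RECV) (?:\(ch=(\d+)\) )?([\w-]+)\((.*)\)$")

def decode_plain(hex_response):
    """Split a SASL PLAIN initial-response (RFC 4616): authzid NUL authcid NUL passwd."""
    return tuple(f.decode() for f in bytes.fromhex(hex_response).split(b"\x00"))

def diagnose(trace):
    """Return a list of findings for one client-side frame trace."""
    findings, peer_sessions = [], set()
    for line in trace.splitlines():
        m = FRAME.match(line.strip())
        if not m:
            continue  # protocol headers such as "SEND AMQP 3 1 0 0", blank lines
        direction, ch, frame, body = m.groups()
        if frame == "sasl-init" and (r := re.search(r"initial-response:([0-9A-Fa-f]+)", body)):
            _, user, _ = decode_plain(r.group(1))
            findings.append(f"trace exposes PLAIN credentials for user '{user}'")
        elif frame == "sasl-outcome":
            code = int(re.search(r"code:(\d+)", body).group(1))
            if code != 0:
                findings.append(f"SASL rejected: {SASL_CODES.get(code, code)}")
        elif direction == "RECV" and frame == "begin":
            peer_sessions.add(ch)  # peer opened a session on this channel
        elif direction == "RECV" and frame in SESSION_FRAMES and ch not in peer_sessions:
            findings.append(f"RECV {frame} on ch={ch} with no RECV begin for that channel")
    return findings

# Sample input: lines copied from the two traces in the report, shortened.
SASL_TRACE = """\
[02:26.502] SEND sasl-init(mechanism:PLAIN,initial-response:0061646D696E0061646D696E,hostname:10.10.59.208)
[02:26.674] RECV sasl-mechanisms(sasl-server-mechanisms:[PLAIN])
[02:26.674] RECV sasl-outcome(code:1)"""
ANON_TRACE = """\
[02:10.846] SEND (ch=0) begin(next-outgoing-id:4294967293,incoming-window:2048,outgoing-window:2048,handle-max:4294967295)
[02:10.955] RECV (ch=0) open(container-id:,host-name:,max-frame-size:4294967295,channel-max:65535,idle-time-out:30000)
[02:11.080] RECV (ch=65535) attach(name:sender,handle:0,role:True,snd-settle-mode:2,rcv-settle-mode:0,source:source())
[02:11.221] SEND (ch=0) close(error:error(condition:amqp:not-found,description:The session channel '65535' cannot be found.))"""

if __name__ == "__main__":
    for name, trace in (("SASL", SASL_TRACE), ("anonymous", ANON_TRACE)):
        print(name, diagnose(trace))
```

Because the PLAIN response is only hex-encoded in the trace, frame traces captured for debugging should be treated as containing credentials before they are attached to a ticket.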