Communication error when using jconsole with ssl

I am trying to connect to the application remotely using jconsole. Without SSL, my configuration works without problems.

I created a public key on the server that I want to access:

sudo keytool -keystore broker.ks -alias broker -genkey -keyalg RSA

Then I exported the certificate:

sudo keytool -export -alias broker -keystore broker.ks -file broker_cert.crt

On the client side, I created a trust store and imported the certificate:

keytool -import -alias broker -keystore broker.ts -file broker_cert.crt

Then I start the server side of the broker server as follows:

java \
-Xms1024M \
-Xmx1024M \
-Dcom.sun.management.jmxremote.port=1099 \
-Dcom.sun.management.jmxremote.password.file=/etc/activemq/jmx.password \
-Dcom.sun.management.jmxremote.access.file=/etc/activemq/jmx.access \
-Dcom.sun.management.jmxremote \
-jar broker.jar \
-Djavax.net.ssl.keyStore=/etc/activemq/broker.ks \
-Djavax.net.ssl.keyStorePassword=password

As I mentioned, the password configuration works correctly, since I can connect when setting jmxremote.ssl to false.

On the client side, I then start jconsole as follows:

jconsole -J-Djavax.net.ssl.trustStore=/etc/activemq/broker.ts -J-Djavax.net.ssl.trustStorePassword=password -J-Djava.util.logging.config.file=/etc/activemq/logging.properties

When trying to connect to the server, the logs give me the following error:

failed to connect: java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is: 
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

To clarify this, my certificates are definitely configured correctly. On the server side, I can run the following in /etc/activemq:

keytool -list -keystore broker.ks

And we get:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

broker, 01-May-2012, PrivateKeyEntry, 
Certificate fingerprint (MD5): 30:55:60:4A:B5:85:D0:C5:2C:E9:DD:AD:1E:92:BE:6E

/etc/activemq :

keytool -list -keystore broker.ks

:

Keystore type: JKS
Keystore provider: SUN

Your keystore contains 1 entry

broker, May 3, 2012, trustedCertEntry,
Certificate fingerprint (MD5): 30:55:60:4A:B5:85:D0:C5:2C:E9:DD:AD:1E:92:BE:6E

. , , jconsole, -J-Djavax.net.ssl.trustStore=<boguspathhere>, ​​ , , /etc/activemq/broker.ts - , , ! ,

failed to connect: java.rmi.ConnectIOException: error during JRMP connection establishment; nested exception is: 
javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure

Grrrr

+3

, :

java \
-Xms1024M \
-Xmx1024M \
-Dcom.sun.management.jmxremote.port=1099 \
-Dcom.sun.management.jmxremote.password.file=/etc/activemq/jmx.password \
-Dcom.sun.management.jmxremote.access.file=/etc/activemq/jmx.access \
-Dcom.sun.management.jmxremote \
-jar broker.jar \
-Djavax.net.ssl.keyStore=/etc/activemq/broker.ks \
-Djavax.net.ssl.keyStorePassword=password

, -jar broker.jar. , :

java \
-Xms1024M \
-Xmx1024M \
-Dcom.sun.management.jmxremote.port=1099 \
-Dcom.sun.management.jmxremote.password.file=/etc/activemq/jmx.password \
-Dcom.sun.management.jmxremote.access.file=/etc/activemq/jmx.access \
-Dcom.sun.management.jmxremote \
-Djavax.net.ssl.keyStore=/etc/activemq/broker.ks \
-Djavax.net.ssl.keyStorePassword=password \
-jar broker.jar 

Doh!

+2
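
The answer's fix depends on how the java launcher parses its command line: everything after "-jar <file>" is handed to the application's main() as plain arguments, so -D and -X options placed there never become system properties or JVM settings. The following check is an added example, not part of the original post; the function name misplaced_jvm_opts is hypothetical, and it only handles the -jar launch form.

```shell
# Added example (not from the original post): list JVM options that a
# "java ... -jar app.jar ..." command line places after the jar file.
# The launcher passes those to main() instead of applying them to the JVM.
# Prints one misplaced option per line; returns 1 if any were found.
misplaced_jvm_opts() {
    state=0   # 0 = before -jar, 1 = next arg is the jar path, 2 = after the jar
    found=0
    for arg in "$@"; do
        case "$state" in
            0) [ "$arg" = "-jar" ] && state=1 ;;
            1) state=2 ;;
            2) case "$arg" in
                   -D*|-X*) printf '%s\n' "$arg"; found=1 ;;
               esac ;;
        esac
    done
    return "$found"
}

# The failing command line from the question (SSL properties after -jar).
misplaced_jvm_opts java -Xms1024M -Xmx1024M \
    -Dcom.sun.management.jmxremote.port=1099 \
    -Dcom.sun.management.jmxremote \
    -jar broker.jar \
    -Djavax.net.ssl.keyStore=/etc/activemq/broker.ks \
    -Djavax.net.ssl.keyStorePassword=password \
    || echo "the options listed above are not applied to the JVM"

# The corrected command line from the answer (nothing is reported).
misplaced_jvm_opts java -Xms1024M -Xmx1024M \
    -Dcom.sun.management.jmxremote.port=1099 \
    -Dcom.sun.management.jmxremote \
    -Djavax.net.ssl.keyStore=/etc/activemq/broker.ks \
    -Djavax.net.ssl.keyStorePassword=password \
    -jar broker.jar \
    && echo "all JVM options precede -jar"
```

With the keystore properties ignored, the server side of the JMX connector has no certificate to present, which is consistent with the handshake_failure alert seen by jconsole.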
