我想创建一个嵌入式 ActiveMQ 代理,它使用客户端身份验证机制 (TLS) 监听 SSL 协议(protocol)。
这是我期望这样做的代码:
//loading keystore from file
KeyStore keystore = KeyStore.getInstance("pkcs12");
File ksfile = new File("/home/me/client1.pkcs12");
FileInputStream ksfis = new FileInputStream(ksfile);
keystore.load(ksfis, "password".toCharArray());
//loading truststore from file
KeyStore truststore = KeyStore.getInstance("jks");
truststore.load(new FileInputStream(new File("/home/me/client1.truststore")), "password"
.toCharArray());
KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory
.getDefaultAlgorithm());
kmf.init(keystore, "password".toCharArray());
TrustManagerFactory tmf = TrustManagerFactory
.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(truststore);
//broker definition
String cfURI = "ssl://localhost:2032";
BrokerService brokerService = new BrokerService();
brokerService.addConnector(cfURI);
//configure ssl context for the broker
SslContext sslContext = new SslContext(kmf.getKeyManagers(),tmf.getTrustManagers(), null);
//need client authentication
sslContext.getSSLContext().getDefaultSSLParameters().setNeedClientAuth(true);
sslContext.getSSLContext().getDefaultSSLParameters().setWantClientAuth(true);
brokerService.setSslContext(sslContext);
brokerService.start();
当我在主程序中执行前面的代码时,出现以下错误:
GRAVE: Could not accept connection : javax.net.ssl.SSLException: No available certificate or key corresponds to the SSL cipher suites which are enabled.
欢迎提出任何建议!
感谢您的阅读。
最佳答案
您的客户是否在其信任库中设置了来自代理的证书?恐怕这就是您遇到的问题。
除此之外,如果您也粘贴客户端代码可能会有所帮助
关于java - ActiveMQ - 创建监听 SSL (TLS) 传输错误的嵌入式代理,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/10374283/