How to specify a local custom SSL truststore for Hornetq client when connecting via JNDI naming serverTrust Store vs Key Store - creating with keytoolResolving javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed Error?Configuring activemq client for using ssl for encryption onlySSL - only allow specific clients or servers (Java truststore)Secure SSL Enabled JMS (HornetQ) Connection using Springhandshake failure in ssl connection bewteen client/server javaDoubts about writing Java SSL client and server using keystore and truststoreIs distributing client / server software with SSL KeyStores and TrustStores secure?Is it secure to distribute a client / server application with same SSL Key/TrustStore?How to specify a local custom SSL truststore for JTOpen?
Simulate a pool using multithreading in Python
Spanning tree of a rectangular grid
What type of beer is best for beer battered fish?
Implement the Max-Pooling operation from Convolutional Neural Networks
What are these criss-cross patterns close to Cambridge Airport (UK)?
What spells can be countered?
Will a nuclear country use nuclear weapons if attacked by conventional means by another nuclear country?
Google just EOLed the original Pixel. How long until it's a brick?
Well-known American figure with Roman numerals
"Cобака на сене" - is this expression still in use or is it dated?
Why do airports in the UK have so few runways?
How do the Martian rebels defeat Earth when they're grossly outnumbered and outgunned?
How to use FDE without needing to share the encryption password
Is it unsafe to remove one stud from a load bearing wall?
A variation on Caesar
Why are Democrats mostly focused on increasing healthcare spending, rarely mentioning any proposals for decreasing the costs of healthcare services?
"Ich habe Durst" vs "Ich bin durstig": Which is more common?
Making Sandwiches
What type of logical fallacy is the offering of a source which is really long and not specifying what part of the source is relevant?
I'm being blamed for not responding to an email from a client that was directly addressed to coworker
What do you call someone whose unmarried partner has died?
What information could a Time Traveller give to the Germans to make them win the war?
Pi to the power y, for small y's
Physical interpretation of complex numbers
How to specify a local custom SSL truststore for Hornetq client when connecting via JNDI naming server
Trust Store vs Key Store - creating with keytoolResolving javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed Error?Configuring activemq client for using ssl for encryption onlySSL - only allow specific clients or servers (Java truststore)Secure SSL Enabled JMS (HornetQ) Connection using Springhandshake failure in ssl connection bewteen client/server javaDoubts about writing Java SSL client and server using keystore and truststoreIs distributing client / server software with SSL KeyStores and TrustStores secure?Is it secure to distribute a client / server application with same SSL Key/TrustStore?How to specify a local custom SSL truststore for JTOpen?
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty
margin-bottom:0;
We have a java client (mule app) which is using hornetq client (v2.3.25.SP20) for connecting to the HornetQ remote server via the JNDI naming server (port 1099).
The connection is secured with SSL. The driver is requiring the javax.net.ssl.trustStore property to be set explicitly. Otherwise, it does not find the trust store.
We would like to specify a custom truststore for the session.
But setting a global property javax.net.ssl.trustStore may affect other applications. So, we are looking for the alternative.
I've coded a custom trust manager (X509TrustManager) which points to the custom truststore. But the issue is that it's used only for establishing connectivity with the JNDI server. Then, the actual connection object is taking the trust store location from the remote server (in case, of course, if javax.net.ssl.trustStore is not set).
The error HQ212007 is produced:
connector.create or connectorFactory.createConnector should never
throw an exception, implementation is badly behaved, but we will deal
with it anyway.
Unable to create NettyConnector for myserver:4447
Failed to find a store at remote server keystore location
Googling the error code, I've found very similar issue described with not solution provided here.
So, is there another way of specifying a path to a truststore for hornetq client when connectivng via JNDI, so, that it would not affect other applications running on the same VM system? Or, may be there is a way to disable the SSL certificate validation on the client side completely - this would work for us as well?
ssl jms hornetq
asked Mar 28 at 21:54
spoonboyspoonboy
8412 gold badges12 silver badges41 bronze badges
add a comment
|
We have a java client (mule app) which is using hornetq client (v2.3.25.SP20) for connecting to the HornetQ remote server via the JNDI naming server (port 1099).
The connection is secured with SSL. The driver is requiring the javax.net.ssl.trustStore property to be set explicitly. Otherwise, it does not find the trust store.
We would like to specify a custom truststore for the session.
But setting a global property javax.net.ssl.trustStore may affect other applications. So, we are looking for the alternative.
I've coded a custom trust manager (X509TrustManager) which points to the custom truststore. But the issue is that it's used only for establishing connectivity with the JNDI server. Then, the actual connection object is taking the trust store location from the remote server (in case, of course, if javax.net.ssl.trustStore is not set).
The error HQ212007 is produced:
connector.create or connectorFactory.createConnector should never
throw an exception, implementation is badly behaved, but we will deal
with it anyway.
Unable to create NettyConnector for myserver:4447
Failed to find a store at remote server keystore location
Googling the error code, I've found very similar issue described with not solution provided here.
So, is there another way of specifying a path to a truststore for hornetq client when connectivng via JNDI, so, that it would not affect other applications running on the same VM system? Or, may be there is a way to disable the SSL certificate validation on the client side completely - this would work for us as well?
ssl jms hornetq
asked Mar 28 at 21:54
spoonboyspoonboy
8412 gold badges12 silver badges41 bronze badges
add a comment
|
We have a java client (mule app) which is using hornetq client (v2.3.25.SP20) for connecting to the HornetQ remote server via the JNDI naming server (port 1099).
The connection is secured with SSL. The driver is requiring the javax.net.ssl.trustStore property to be set explicitly. Otherwise, it does not find the trust store.
We would like to specify a custom truststore for the session.
But setting a global property javax.net.ssl.trustStore may affect other applications. So, we are looking for the alternative.
I've coded a custom trust manager (X509TrustManager) which points to the custom truststore. But the issue is that it's used only for establishing connectivity with the JNDI server. Then, the actual connection object is taking the trust store location from the remote server (in case, of course, if javax.net.ssl.trustStore is not set).
The error HQ212007 is produced:
connector.create or connectorFactory.createConnector should never
throw an exception, implementation is badly behaved, but we will deal
with it anyway.
Unable to create NettyConnector for myserver:4447
Failed to find a store at remote server keystore location
Googling the error code, I've found very similar issue described with not solution provided here.
So, is there another way of specifying a path to a truststore for hornetq client when connectivng via JNDI, so, that it would not affect other applications running on the same VM system? Or, may be there is a way to disable the SSL certificate validation on the client side completely - this would work for us as well?
ssl jms hornetq
asked Mar 28 at 21:54
spoonboyspoonboy
8412 gold badges12 silver badges41 bronze badges
We have a java client (mule app) which is using hornetq client (v2.3.25.SP20) for connecting to the HornetQ remote server via the JNDI naming server (port 1099).
The connection is secured with SSL. The driver is requiring the javax.net.ssl.trustStore property to be set explicitly. Otherwise, it does not find the trust store.
We would like to specify a custom truststore for the session.
But setting a global property javax.net.ssl.trustStore may affect other applications. So, we are looking for the alternative.
I've coded a custom trust manager (X509TrustManager) which points to the custom truststore. But the issue is that it's used only for establishing connectivity with the JNDI server. Then, the actual connection object is taking the trust store location from the remote server (in case, of course, if javax.net.ssl.trustStore is not set).
The error HQ212007 is produced:
connector.create or connectorFactory.createConnector should never
throw an exception, implementation is badly behaved, but we will deal
with it anyway.
Unable to create NettyConnector for myserver:4447
Failed to find a store at remote server keystore location
Googling the error code, I've found very similar issue described with not solution provided here.
So, is there another way of specifying a path to a truststore for hornetq client when connectivng via JNDI, so, that it would not affect other applications running on the same VM system? Or, may be there is a way to disable the SSL certificate validation on the client side completely - this would work for us as well?
ssl jms hornetq
ssl jms hornetq
asked Mar 28 at 21:54
spoonboyspoonboy
8412 gold badges12 silver badges41 bronze badges
asked Mar 28 at 21:54
spoonboyspoonboy
8412 gold badges12 silver badges41 bronze badges
asked Mar 28 at 21:54
spoonboyspoonboy
8412 gold badges12 silver badges41 bronze badges
asked Mar 28 at 21:54
spoonboyspoonboy
8412 gold badges12 silver badges41 bronze badges
asked Mar 28 at 21:54
spoonboyspoonboy
8412 gold badges12 silver badges41 bronze badges
8412 gold badges12 silver badges41 bronze badges
add a comment
|
add a comment
|
1 Answer
1
active
oldest
votes
There are HornetQ-specific system properties to set SSL configuration parameters. Check out the documentation for HornetQ 2.4.0.
These properties were added after 2.3.0.Final but backported to the 2.3.x branch which is why they're available in 2.3.25.SP20 but aren't documented in the 2.3.0.Final docs.
In short, you can use these system properties instead of the global ones:
org.hornetq.ssl.keyStoreorg.hornetq.ssl.keyStorePasswordorg.hornetq.ssl.trustStoreorg.hornetq.ssl.trustStorePassword
answered Mar 29 at 13:31
Justin BertramJustin Bertram
6,9562 gold badges7 silver badges24 bronze badges
add a comment
|
Your Answer
StackExchange.ifUsing("editor", function ()
StackExchange.using("externalEditor", function ()
StackExchange.using("snippets", function ()
StackExchange.snippets.init();
);
);
, "code-snippets");
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "1"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/4.0/"u003ecc by-sa 4.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55407434%2fhow-to-specify-a-local-custom-ssl-truststore-for-hornetq-client-when-connecting%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
There are HornetQ-specific system properties to set SSL configuration parameters. Check out the documentation for HornetQ 2.4.0.
These properties were added after 2.3.0.Final but backported to the 2.3.x branch which is why they're available in 2.3.25.SP20 but aren't documented in the 2.3.0.Final docs.
In short, you can use these system properties instead of the global ones:
org.hornetq.ssl.keyStoreorg.hornetq.ssl.keyStorePasswordorg.hornetq.ssl.trustStoreorg.hornetq.ssl.trustStorePassword
answered Mar 29 at 13:31
Justin BertramJustin Bertram
6,9562 gold badges7 silver badges24 bronze badges
add a comment
|
There are HornetQ-specific system properties to set SSL configuration parameters. Check out the documentation for HornetQ 2.4.0.
These properties were added after 2.3.0.Final but backported to the 2.3.x branch which is why they're available in 2.3.25.SP20 but aren't documented in the 2.3.0.Final docs.
In short, you can use these system properties instead of the global ones:
org.hornetq.ssl.keyStoreorg.hornetq.ssl.keyStorePasswordorg.hornetq.ssl.trustStoreorg.hornetq.ssl.trustStorePassword
answered Mar 29 at 13:31
Justin BertramJustin Bertram
6,9562 gold badges7 silver badges24 bronze badges
add a comment
|
There are HornetQ-specific system properties to set SSL configuration parameters. Check out the documentation for HornetQ 2.4.0.
These properties were added after 2.3.0.Final but backported to the 2.3.x branch which is why they're available in 2.3.25.SP20 but aren't documented in the 2.3.0.Final docs.
In short, you can use these system properties instead of the global ones:
org.hornetq.ssl.keyStoreorg.hornetq.ssl.keyStorePasswordorg.hornetq.ssl.trustStoreorg.hornetq.ssl.trustStorePassword
answered Mar 29 at 13:31
Justin BertramJustin Bertram
6,9562 gold badges7 silver badges24 bronze badges
There are HornetQ-specific system properties to set SSL configuration parameters. Check out the documentation for HornetQ 2.4.0.
These properties were added after 2.3.0.Final but backported to the 2.3.x branch which is why they're available in 2.3.25.SP20 but aren't documented in the 2.3.0.Final docs.
In short, you can use these system properties instead of the global ones:
org.hornetq.ssl.keyStoreorg.hornetq.ssl.keyStorePasswordorg.hornetq.ssl.trustStoreorg.hornetq.ssl.trustStorePassword
answered Mar 29 at 13:31
Justin BertramJustin Bertram
6,9562 gold badges7 silver badges24 bronze badges
answered Mar 29 at 13:31
Justin BertramJustin Bertram
6,9562 gold badges7 silver badges24 bronze badges
answered Mar 29 at 13:31
Justin BertramJustin Bertram
6,9562 gold badges7 silver badges24 bronze badges
answered Mar 29 at 13:31
Justin BertramJustin Bertram
6,9562 gold badges7 silver badges24 bronze badges
6,9562 gold badges7 silver badges24 bronze badges
add a comment
|
add a comment
|
Thanks for contributing an answer to Stack Overflow!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fstackoverflow.com%2fquestions%2f55407434%2fhow-to-specify-a-local-custom-ssl-truststore-for-hornetq-client-when-connecting%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
