cancel
Showing results for 
Search instead for 
Did you mean: 

JMS Sender Adapter Active MQ with SSL on PI 7.1

Former Member
0 Kudos

Hi all,

we are trying to access an Active MQ jms queue over a secure SSL connection. On activating the JMS sender channel the following exception is thrown:

javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

This seems to indicate that the Active MQ libs we have integrated (JMS access without SSL works) don't seem to be able to regard the certificate provided by the MQ server as trusted. The certificate has not expired yet.

The MQ documentation says that the MQ libs are referencing the trust store quoted by the property javax.net.ssl.trustStore

(see http://activemq.apache.org/how-do-i-use-ssl.html). Where has the client certificate to be placed within the PI adapterengine so that the certificate can be found?

Kind regards,

Heiko

Accepted Solutions (1)

Accepted Solutions (1)

marksmyth
Product and Topic Expert
Product and Topic Expert
0 Kudos

Hello Heiko

Certificates are installed in the Keystore in the Netweaver Administrator. See the link below:

Using the AS Java Key Storage

http://help.sap.com/saphelp_nwpi71/helpdata/EN/e9/a1dd44d2c83c43afb5ec8a4292f3e0/content.htm

Please also check the thread for details on the supportability of JMS adapter and SSL - http://forums.sdn.sap.com/thread.jspa?messageID=8067802#8067802

Regards

Mark

Former Member
0 Kudos

Hello Mark,

you're right in saying that jms doesn't support SSL by default. The SSL encryption is a special feature of the Active MQ JMS provider. It's libraries are JMS enabled. Unfortunately they seem to assume that they are to be applied in an environment where the Java property trustStore can be set without any side effects. I assume that is not possible regarding the PI adapter engine.

Right know for me it seems the only way to solve this problem might be to find the implementation carrying out the SSL-Handshake and the overwrite it so that it can cope with the PI specific restrictions.

Regards,

Heiko

Answers (2)

Answers (2)

madhusudana_reddy2
Contributor
0 Kudos

Hello,

Are you able to implement SSL connection over JMS adapter to connect ActiveMQ.

Can you please provide us some inputs..

Regards,

Madhu

Former Member
0 Kudos

Hello Heiko,

Were you able to access an Active MQ jms queue over a secure SSL connection?. Hope you have some suggestions. Appreciate your help

Thanks,

Namadev