on 04-28-2010 8:33 AM
Hi all,
we are trying to access an Active MQ jms queue over a secure SSL connection. On activating the JMS sender channel the following exception is thrown:
javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
This seems to indicate that the Active MQ libs we have integrated (JMS access without SSL works) don't seem to be able to regard the certificate provided by the MQ server as trusted. The certificate has not expired yet.
The MQ documentation says that the MQ libs are referencing the trust store quoted by the property javax.net.ssl.trustStore
(see http://activemq.apache.org/how-do-i-use-ssl.html). Where has the client certificate to be placed within the PI adapterengine so that the certificate can be found?
Kind regards,
Heiko
Hello Heiko
Certificates are installed in the Keystore in the Netweaver Administrator. See the link below:
Using the AS Java Key Storage
http://help.sap.com/saphelp_nwpi71/helpdata/EN/e9/a1dd44d2c83c43afb5ec8a4292f3e0/content.htm
Please also check the thread for details on the supportability of JMS adapter and SSL - http://forums.sdn.sap.com/thread.jspa?messageID=8067802#8067802
Regards
Mark
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Mark,
you're right in saying that jms doesn't support SSL by default. The SSL encryption is a special feature of the Active MQ JMS provider. It's libraries are JMS enabled. Unfortunately they seem to assume that they are to be applied in an environment where the Java property trustStore can be set without any side effects. I assume that is not possible regarding the PI adapter engine.
Right know for me it seems the only way to solve this problem might be to find the implementation carrying out the SSL-Handshake and the overwrite it so that it can cope with the PI specific restrictions.
Regards,
Heiko
Hello,
Are you able to implement SSL connection over JMS adapter to connect ActiveMQ.
Can you please provide us some inputs..
Regards,
Madhu
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hello Heiko,
Were you able to access an Active MQ jms queue over a secure SSL connection?. Hope you have some suggestions. Appreciate your help
Thanks,
Namadev
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
84 | |
24 | |
12 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.