General SSLEngine problem with Artemis cluster

I have set up an Artemis cluster of four nodes (two master brokers, two slave brokers) and want it to be secured with SSL.
When I start master broker 1, it comes up with no errors. When I start slave broker 1, the following stack trace appears:

2020-06-29 09:35:09,936 ERROR [org.apache.activemq.artemis.core.client] AMQ214016: Failed to create netty connection: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
    at sun.security.ssl.Handshaker.checkThrown(Handshaker.java:1529) [jsse.jar:1.8.0_162]
    at sun.security.ssl.SSLEngineImpl.checkTaskThrown(SSLEngineImpl.java:535) [jsse.jar:1.8.0_162]
    at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:813) [jsse.jar:1.8.0_162]
    at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:781) [jsse.jar:1.8.0_162]
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624) [rt.jar:1.8.0_162]
    at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:295) [netty-all-4.1.34.Final.jar:4.1.34.Final]
    at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1330) [netty-all-4.1.34.Final.jar:4.1.34.Final]
    at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1225) [netty-all-4.1.34.Final.jar:4.1.34.Final]
    at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1272) [netty-all-4.1.34.Final.jar:4.1.34.Final]
    at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:502) [netty-all-4.1.34.Final.jar:4.1.34.Final]
    at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:441) [netty-all-4.1.34.Final.jar:4.1.34.Final]
    at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:278) [netty-all-4.1.34.Final.jar:4.1.34.Final]
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359) [netty-all-4.1.34.Final.jar:4.1.34.Final]
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:345) [netty-all-4.1.34.Final.jar:4.1.34.Final]
    at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:337) [netty-all-4.1.34.Final.jar:4.1.34.Final]
    at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1408) [netty-all-4.1.34.Final.jar:4.1.34.Final]
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:359) [netty-all-4.1.34.Final.jar:4.1.34.Final]
    at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:345) [netty-all-4.1.34.Final.jar:4.1.34.Final]
    at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:930) [netty-all-4.1.34.Final.jar:4.1.34.Final]
    at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:163) [netty-all-4.1.34.Final.jar:4.1.34.Final]
        at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:677) [netty-all-4.1.34.Final.jar:4.1.34.Final]
        at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:612) [netty-all-4.1.34.Final.jar:4.1.34.Final]
        at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:529) [netty-all-4.1.34.Final.jar:4.1.34.Final]
        at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:491) [netty-all-4.1.34.Final.jar:4.1.34.Final]
        at io.netty.util.concurrent.SingleThreadEventExecutor$5.run(SingleThreadEventExecutor.java:905) [netty-all-4.1.34.Final.jar:4.1.34.Final]
        at org.apache.activemq.artemis.utils.ActiveMQThreadFactory$1.run(ActiveMQThreadFactory.java:118) [artemis-commons-2.11.0.jar:2.11.0]
Caused by: javax.net.ssl.SSLHandshakeException: General SSLEngine problem
        at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) [jsse.jar:1.8.0_162]
        at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1728) [jsse.jar:1.8.0_162]
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:330) [jsse.jar:1.8.0_162]
        at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:322) [jsse.jar:1.8.0_162]
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1614) [jsse.jar:1.8.0_162]
        at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) [jsse.jar:1.8.0_162]
        at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1052) [jsse.jar:1.8.0_162]
        at sun.security.ssl.Handshaker$1.run(Handshaker.java:992) [jsse.jar:1.8.0_162]
        at sun.security.ssl.Handshaker$1.run(Handshaker.java:989) [jsse.jar:1.8.0_162]
        at java.security.AccessController.doPrivileged(Native Method) [rt.jar:1.8.0_162]
        at sun.security.ssl.Handshaker$DelegatedTask.run(Handshaker.java:1467) [jsse.jar:1.8.0_162]
        at io.netty.handler.ssl.SslHandler.runAllDelegatedTasks(SslHandler.java:1500) [netty-all-4.1.34.Final.jar:4.1.34.Final]
        at io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1514) [netty-all-4.1.34.Final.jar:4.1.34.Final]
        at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1398) [netty-all-4.1.34.Final.jar:4.1.34.Final]
        ... 19 more
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
        at sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:397) [rt.jar:1.8.0_162]
        at sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:302) [rt.jar:1.8.0_162]
        at sun.security.validator.Validator.validate(Validator.java:260) [rt.jar:1.8.0_162]
        at sun.security.ssl.X509TrustManagerImpl.validate(X509TrustManagerImpl.java:324) [jsse.jar:1.8.0_162]
        at sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:281) [jsse.jar:1.8.0_162]
        at sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:136) [jsse.jar:1.8.0_162]
        at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1601) [jsse.jar:1.8.0_162]

This is master config:

<connectors>
    <connector name="netty-connector">tcp://localhost:61616?sslEnabled=true;keyStorePath=activemq.example.keystore;keyStorePassword=activemqexample</connector>
</connectors>

<acceptors>
    <acceptor name="netty-ssl-acceptor">tcp://localhost:61616?sslEnabled=true;keyStorePath=activemq.example.keystore;keyStorePassword=activemqexample</acceptor>
</acceptors>

This is slave config:

<connectors>
    <connector name="netty-connector">tcp://localhost:61617?sslEnabled=true;keyStorePath=activemq.example.keystore;keyStorePassword=activemqexample</connector>
    <connector name="server1-netty-live-connector">tcp://localhost:61616?sslEnabled=true;keyStorePath=activemq.example.keystore;keyStorePassword=activemqexample</connector>
</connectors>

<acceptors>
    <acceptor name="netty-ssl-acceptor">tcp://localhost:61617?sslEnabled=true;keyStorePath=activemq.example.keystore;keyStorePassword=activemqexample</acceptor>
</acceptors>

I installed the cert under Windows 10. Can anyone explain what the problem is and how to solve it?

huangapple
  • Posted on June 29, 2020, 16:05:42
  • When reposting, please keep the link to this article: https://java.coder-hub.com/62633714.html
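
Added example, not part of the original post: the trace fails in `ClientHandshaker.serverCertificate` / `checkServerTrusted`, that is, on the connecting side while it validates the acceptor's certificate, and the posted connectors set `keyStorePath` but no `trustStorePath`. The check below lists SSL connectors with no trust store parameter; the function names are hypothetical, and `TRUSTSTORE_FILE` / `TRUSTSTORE_PASSWORD` are placeholders.

```python
import xml.etree.ElementTree as ET

# Connector section of the slave config above, wrapped in a root element.
SLAVE_XML = """<core><connectors>
  <connector name="netty-connector">tcp://localhost:61617?sslEnabled=true;keyStorePath=activemq.example.keystore;keyStorePassword=activemqexample</connector>
  <connector name="server1-netty-live-connector">tcp://localhost:61616?sslEnabled=true;keyStorePath=activemq.example.keystore;keyStorePassword=activemqexample</connector>
</connectors></core>"""

# Constructed variant: TRUSTSTORE_FILE / TRUSTSTORE_PASSWORD are placeholders.
WITH_TRUST_XML = SLAVE_XML.replace(
    "keyStorePassword=activemqexample",
    "keyStorePassword=activemqexample;trustStorePath=TRUSTSTORE_FILE"
    ";trustStorePassword=TRUSTSTORE_PASSWORD")


def parse_transport_uri(uri):
    """Split an Artemis transport URI into (address, {parameter: value})."""
    address, _, query = uri.strip().partition("?")
    params = {}
    # Parameters are separated by ';' in the posted config; '&' is also common.
    for pair in query.replace("&", ";").split(";"):
        if "=" in pair:
            key, value = pair.split("=", 1)
            params[key.strip()] = value.strip()
    return address, params


def ssl_connectors_without_truststore(xml_text):
    """Return the names of connectors with sslEnabled=true and no trustStorePath."""
    findings = []
    for element in ET.fromstring(xml_text).iter():
        # Ignore an XML namespace prefix such as the one a full broker.xml carries.
        if element.tag.rsplit("}", 1)[-1] != "connector":
            continue
        _, params = parse_transport_uri(element.text or "")
        ssl_on = params.get("sslEnabled", "false").lower() == "true"
        if ssl_on and "trustStorePath" not in params:
            findings.append(element.get("name"))
    return findings


if __name__ == "__main__":
    for name in ssl_connectors_without_truststore(SLAVE_XML):
        print(f"{name}: sslEnabled=true but no trustStorePath")
```

A connector flagged here validates the peer against the JVM's default trust store (`javax.net.ssl.trustStore` or the JRE's `cacerts`), which by default does not read the Windows certificate store.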