Kbase 21701: SonicMQ: SSL Exception When Using Sample Certificate On UNIX
Author   Progress Software Corporation - Progress
Access   Public
Published   1/23/2002
SUMMARY:

This solution applies to SonicMQ 4.0. It describes incorrect parameter values in the broker.ini and setenv files that affect use of the default SSL certificate on UNIX.

EXPLANATION:

If you are using the SSL protocol with the default certificates provided with SonicMQ 4.0, you may see the following exception when starting the broker:

com.rsa.ssl.SSLException: Could not load key certs/serverKey.pkcs8
at com.rsa.ssl.SSLUtils.loadKey(SSLUtils.java:292)
at com.rsa.ssl.SSLUtils.loadKey(SSLUtils.java:268)
at progress.message.net.ssl.jsafe.jsafeSSLClientControl.configureKeyAndCertificate(:187)
at progress.message.net.ssl.ibb.vIB_(:103)
at progress.message.net.ssl.ibb.<init>(:34)
at progress.message.net.ssl.ProgressSslSocketFactory.createProgressServerSocket(:140)
at progress.message.broker.Acceptor.Fs_(:83)
at progress.message.broker.Acceptor.<init>(:57)
at progress.message.broker.Broker.rF_(:710)
at progress.message.broker.Broker.<init>(:405)
at progress.message.broker.Broker.main(:243)
progress.message.util.EAssertFailure: Unable to install certificate or private key
at progress.message.net.ssl.ibb.vIB_(:108)
at progress.message.net.ssl.ibb.<init>(:34)
at progress.message.net.ssl.ProgressSslSocketFactory.createProgressServerSocket(:140)
at progress.message.broker.Acceptor.Fs_(:83)
at progress.message.broker.Acceptor.<init>(:57)
at progress.message.broker.Broker.rF_(:710)
at progress.message.broker.Broker.<init>(:405)
at progress.message.broker.Broker.main(:243)

SOLUTION:

1. You need to modify the following parameters in your broker.ini file:

SSL_PRIVATE_KEY=certs/serverKey.pkcs8 should be changed to SSL_PRIVATE_KEY=certs/serverkey.pkcs8

and

SSL_CA_CERTIFICATES_DIR=certs/CA should be changed to SSL_CA_CERTIFICATES_DIR=certs/ca


2. You need to modify your <SonicMQ-install-dir>/bin/setenv file as follows:

In setenv, this parameter:
SONICMQ_SSL_CLIENT="-DSSL_CA_CERTIFICATES_DIR=$SONICMQ_HOME/certs/CA"

should be changed to:

SONICMQ_SSL_CLIENT="-DSSL_CA_CERTIFICATES_DIR=$SONICMQ_HOME/certs/ca"
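
The corrections above differ from the shipped values only in letter case, which matters on a case-sensitive UNIX filesystem. The following script is an added example, not part of the original article or of SonicMQ: it checks the two broker.ini parameters named above against the names actually on disk. The function names are hypothetical, and it assumes relative values resolve against the SonicMQ install directory.

```shell
#!/bin/sh
# Added example: flag broker.ini SSL path values whose letter case differs from
# the names on disk. Assumes relative values resolve against the install dir.

# Print the on-disk spelling of relative path $2 under $1, matching each
# component case-insensitively (an exact-case match wins). Fails if absent.
resolve_nocase() {
    base=$1; rel=$2; found=""
    old_ifs=$IFS; IFS=/; set -f
    set -- $rel                      # split the path into components
    set +f; IFS=$old_ifs
    for part in "$@"; do
        want=$(printf '%s' "$part" | tr '[:upper:]' '[:lower:]')
        match=""
        for entry in "$base${found:+/$found}"/*; do
            name=${entry##*/}
            if [ "$name" = "$part" ]; then match=$name; break; fi
            have=$(printf '%s' "$name" | tr '[:upper:]' '[:lower:]')
            if [ -z "$match" ] && [ "$have" = "$want" ]; then match=$name; fi
        done
        [ -n "$match" ] || return 1
        found=${found:+$found/}$match
    done
    printf '%s\n' "$found"
}

# check_ini_paths BROKER_INI INSTALL_DIR
# Prints one line per checked parameter; returns non-zero if any needs fixing.
check_ini_paths() {
    ini=$1; root=$2; status=0
    while IFS='=' read -r key value; do
        case $key in
            SSL_PRIVATE_KEY|SSL_CA_CERTIFICATES_DIR) ;;
            *) continue ;;
        esac
        if fixed=$(resolve_nocase "$root" "$value"); then
            if [ "$fixed" = "$value" ]; then
                echo "OK $key=$value"
            else
                echo "CASE $key=$value (on disk: $fixed)"; status=1
            fi
        else
            echo "MISSING $key=$value"; status=1
        fi
    done < "$ini"
    return $status
}
```

Call it as check_ini_paths broker.ini "$SONICMQ_HOME"; a CASE line shows the spelling to put in broker.ini.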


References to Written Documentation: