Two applications, two different problems. Both of these applications worked perfectly in the test environment with SSL authentication turned off. Now that we've moved to a live environment, the applications can no longer connect to the client company's ActiveMQ messaging queue.
using dlls from Spring.Net version 1.3.1.
Connection string uses is in the format of ssl://<ip address>:<port no>?transport.acceptinvalidbrokercert=true
1) Listener Application:
We have a C# ASP.NET windows application on a Windows Server 2003 (IIS 6) server that listens to an ActiveMQ messaging queue on the client company's server. When we try to connect we get this error (ip address and port number removed from error message)
Caught NMSException => Could not connect to broker URL: ssl://<ip Address>:<port No>/?transport.acceptinvalidbrokercert=true. Reason: A call to SSPI failed, see inner exception.
== Inner exception 1 is AuthenticationException => A call to SSPI failed, see inner exception.
== Inner exception 2 is Win32Exception => An unknown error occurred while processing the certificate
The connection code we use to connect is this:
IConnectionFactory factory = new ConnectionFactory( Global.config.INCOMING_URI );
IConnection conn = factory.CreateConnection();
conn.ExceptionListener += new ExceptionListener( conn_ExceptionListener );
ISession session = conn.CreateSession( AcknowledgementMode.AutoAcknowledge );
IDestination dest = session.GetQueue( Global.config.INCOMING_DESTINATION );
IMessageConsumer receiver = session.CreateConsumer( dest );
receiver.Listener += new MessageListener( receiver_Listener );
conn.Start();
2) Sender Application
We have a c# ASP.NET windows service application that sends JMS messages to the other companies ActiveMQ messaging queue on a timed interval.
When we try to connect we get the following:
Caught NMSException => Unable to write data to the transport connection: An established connection was aborted by the software in your host machine.
at Apache.NMS.ActiveMQ.Connection.SyncRequest(Command command)
at Apache.NMS.ActiveMQ.Connection.CheckConnected()
at Apache.NMS.ActiveMQ.Connection.SyncRequest(Command command, TimeSpan requestTimeout)
at Apache.NMS.ActiveMQ.Connection.CreateSession(AcknowledgementMode sessionAcknowledgementMode)
at JMS.Service.TrackProcessingManager.SendTestData()
at JMS.Service.Global.StartWorkerThreads()
at JMS.Service.Global.Application_Start()
== Inner exception 1 is IOException => Unable to write data to the transport connection: An established connection was aborted by the software in your host machine.
at System.Net.Sockets.NetworkStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.Security._SslStream.StartWriting(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security._SslStream.ProcessWrite(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslStream.Write(Byte[] buffer, Int32 offset, Int32 count)
at System.IO.BinaryWriter.Write(Byte[] buffer, Int32 index, Int32 count)
at Apache.NMS.ActiveMQ.OpenWire.OpenWireFormat.Marshal(Object o, BinaryWriter ds)
at Apache.NMS.ActiveMQ.Transport.Tcp.TcpTransport.Oneway(Command command)
at Apache.NMS.ActiveMQ.Transport.InactivityMonitor.Oneway(Command command)
at Apache.NMS.ActiveMQ.Transport.WireFormatNegotiator.Oneway(Command command)
at Apache.NMS.ActiveMQ.Transport.MutexTransport.Oneway(Command command)
at Apache.NMS.ActiveMQ.Transport.ResponseCorrelator.AsyncRequest(Command command)
at Apache.NMS.ActiveMQ.Transport.ResponseCorrelator.Request(Command command, TimeSpan timeout)
at Apache.NMS.ActiveMQ.Connection.SyncRequest(Command command, TimeSpan requestTimeout)
== Inner exception 2 is SocketException => An established connection was aborted by the software in your host machine
at System.Net.Sockets.Socket.Send(Byte[] buffer, Int32 offset, Int32 size, SocketFlags socketFlags)
at System.Net.Sockets.NetworkStream.Write(Byte[] buffer, Int32 offset, Int32 size)
The client company say that they receive the following on their side of things:
java.IO.IOException: Wire format negotiation timeout: peer did not send his wire format
The connection code we use to send is this:
ConnectionFactory connectionFactory = new ConnectionFactory( Global.config.TARGET_URI );
NmsTemplate template = new NmsTemplate( connectionFactory );
Connection connection = (Apache.NMS.ActiveMQ.Connection)connectionFactory.CreateConnection();
Session session = (Apache.NMS.ActiveMQ.Session)connection.CreateSession( Apache.NMS.AcknowledgementMode.AutoAcknowledge );
MessageProducer producer = (Apache.NMS.ActiveMQ.MessageProducer)session.CreateProducer();
Apache.NMS.IMapMessage message = producer.CreateMapMessage();
<message detail populated here>
template.ConvertAndSend( Global.config.TARGET_DESTINATION, message );
Server certificates:
When we monitor the firewall, see data flowing in and out unimpeded. The company that manage the ActiveMQ queue insist that we are not transmitting our SSL certificate. We do not go through any proxy on our side. The appropriate certificates are installed on our server (we use our server certificate for another application, we know our certificate is valid) and we have installed the clients SSL certificate on our server. We have all the intermediate Certificate Authority certificates installed.
The client company that runs the ActiveMQ queue tell me that I must hard code the certificate name into both my c# ASP.Net application.
Any input from anyone who has encountered this problem before would be invaluable. We need to know
1) If/How one can hardcode the SSL certificate to send to the client company server
2) If there is another way to diagnose/debug/solve this problem?