Hi all,
I'm trying to install Apollo 1.7 and set up SSL with my own server
certificate (issued by StartCom).
Steps performed:
1. Created JKS
2. Imported my private key using keytool
3. Configured apollo.xml to use my new keytool.
Now the web admin HTTPS interface works fine, but it's the SSL connection
to the MQTT broker that isn't working. I've been testing using
mosquitto_pub and get this:
mosquitto_pub -h dev.kaya.io -p 61614 -f ~/input -t chazman --cafile /media/truecrypt1/SSL/kaya-startssl/ca.pem -d
Client mosqpub/10571-brahma sending CONNECT
OpenSSL Error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
Error: Protocol error
In my Stacktrace.log I get these errors below. Does anyone have any
ideas what's wrong?
--- LOGS
==> connection.log <==
2014-04-25 10:35:47,614 connected: local:/127.0.0.1:61614, remote:/127.0.0.1:42632
==> apollo.log <==
2014-04-25 10:35:47,972 | INFO | javax.net.ssl.SSLException: Received fatal alert: unknown_ca | 14596bd0785
==> stacktrace.log <==
2014-04-25 10:35:47,973 | INFO | stackref=14596bd0785
javax.net.ssl.SSLException: Received fatal alert: unknown_ca
    at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
    at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1630)
    at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1598)
    at sun.security.ssl.SSLEngineImpl.recvAlert(SSLEngineImpl.java:1767)
    at sun.security.ssl.SSLEngineImpl.readRecord(SSLEngineImpl.java:1063)
    at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:887)
    at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:761)
    at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
    at org.fusesource.hawtdispatch.transport.SslTransport.secure_read(SslTransport.java:369)
    at org.fusesource.hawtdispatch.transport.SslTransport.handshake(SslTransport.java:434)
    at org.fusesource.hawtdispatch.transport.SslTransport.drainInbound(SslTransport.java:274)
    at org.fusesource.hawtdispatch.transport.TcpTransport$6.run(TcpTransport.java:588)
    at org.fusesource.hawtdispatch.internal.NioDispatchSource$3.run(NioDispatchSource.java:209)
    at org.fusesource.hawtdispatch.internal.SerialDispatchQueue.run(SerialDispatchQueue.java:100)
    at org.fusesource.hawtdispatch.internal.pool.SimpleThread.run(SimpleThread.java:77)
==> connection.log <==
2014-04-25 10:35:47,977 disconnected: local:/127.0.0.1:61614, remote:/127.0.0.1:42632
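
Added example, not part of the original post: the unknown_ca alert in the broker log is the client reporting that it could not chain the server certificate to anything in its --cafile. The script below reproduces that check offline on a constructed root -> intermediate -> server chain; all certificate names are made up, and a missing intermediate is only an assumed cause that the post does not confirm.

```shell
#!/bin/sh
# Constructed throwaway chain: root -> intermediate -> server. All names are made up.

make_chain() {  # $1 = empty working directory
  d=$1
  cat > "$d/x.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = placeholder
[ca]
basicConstraints = critical,CA:TRUE
[leaf]
basicConstraints = CA:FALSE
EOF
  # Self-signed root: the only certificate the client is assumed to trust.
  openssl req -x509 -config "$d/x.cnf" -extensions ca -newkey rsa:2048 -nodes \
    -days 2 -subj "/CN=Example Root CA" -keyout "$d/root.key" -out "$d/root.pem" \
    2>/dev/null || return 1
  # Intermediate signed by the root, then server certificate signed by the intermediate.
  issue "$d" int "Example Intermediate CA" root ca 1001 || return 1
  issue "$d" server "broker.example.test" int leaf 1002
}

issue() {  # dir, name, CN, issuer name, extension section, serial
  openssl req -new -config "$1/x.cnf" -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null || return 1
  openssl x509 -req -in "$1/$2.csr" -CA "$1/$4.pem" -CAkey "$1/$4.key" \
    -set_serial "$6" -days 2 -extfile "$1/x.cnf" -extensions "$5" \
    -out "$1/$2.pem" 2>/dev/null
}

# Succeeds only if the server certificate chains to the given CA file.
# $3 (optional): certificates the server sends along with its own.
client_accepts() {  # cafile, server cert, [sent intermediates]
  if [ -n "$3" ]; then
    openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
  fi
}

demo() {
  d=$(mktemp -d) && make_chain "$d" || return 1
  client_accepts "$d/root.pem" "$d/server.pem" || echo "server cert alone: verify failed"
  client_accepts "$d/root.pem" "$d/server.pem" "$d/int.pem" && echo "with intermediate: OK"
  rm -rf "$d"
}
demo
```

Against a live broker, the equivalent check is openssl s_client -connect dev.kaya.io:61614 -CAfile ca.pem -showcerts, which prints the certificates the server actually sends and the verify result.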