<!--
  Artemis broker acceptor "artemis": listens on every interface (0.0.0.0), port 61616.
  Key store and trust store passwords are given in masked ENC(...) form.
  NOTE(review): sslEnabled=true does not appear in this URL. Artemis applies the
  keyStore/trustStore parameters only on a TLS-enabled acceptor; confirm it is set
  in the full configuration.
  NOTE(review): an acceptor's trust store validates client certificates, which only
  happens when needClientAuth or wantClientAuth is set; neither is visible here.
  NOTE(review): ENC(...) masking can be reversed by anyone holding the codec key, so
  keep this file and both .jks files readable only by the broker's service account.
-->
<acceptor name="artemis">tcp://0.0.0.0:61616?trustStorePath=/var/lib/artemis-instance/etc/truststore.jks;trustStorePassword=ENC(.....);keyStorePath=/var/lib/artemis-instance/etc/keystore.jks;keyStorePassword=ENC(.....)</acceptor>
<!--
  WildFly connector to the remote broker. ssl-context refers to an SSL context named
  "artemis-remote-ssl"; its definition is not shown in this excerpt.
  NOTE(review): the PKIX failure in the log is raised while the client validates the
  broker's certificate (checkServerTrusted), i.e. the trust material in effect for this
  connection held no path to the certificate's issuer. Check that the trust manager
  behind artemis-remote-ssl loads a store containing that issuing CA before falling
  back to JVM-wide trust settings.
-->
<remote-connector name="artemis-master" socket-binding="remote-artemis-master" ssl-context="artemis-remote-ssl">
ERROR [org.apache.activemq.artemis.core.client] (MSC service thread 1-4) AMQ214016: Failed to create netty connection: javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.ssl.Alert.createSSLException(Alert.java:131)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:371)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:314)
at java.base/sun.security.ssl.TransportContext.fatal(TransportContext.java:309)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1357)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.onConsumeCertificate(CertificateMessage.java:1232)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.consume(CertificateMessage.java:1175)
at java.base/sun.security.ssl.SSLHandshake.consume(SSLHandshake.java:396)
at java.base/sun.security.ssl.HandshakeContext.dispatch(HandshakeContext.java:480)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1277)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask$DelegatedAction.run(SSLEngineImpl.java:1264)
at java.base/java.security.AccessController.doPrivileged(AccessController.java:712)
at java.base/sun.security.ssl.SSLEngineImpl$DelegatedTask.run(SSLEngineImpl.java:1209)
at io.netty.ne...@4.1.87.Final//io.netty.handler.ssl.SslHandler.runDelegatedTasks(SslHandler.java:1549)
at io.netty.ne...@4.1.87.Final//io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1395)
at io.netty.ne...@4.1.87.Final//io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1285)
at io.netty.net...@4.1.87.Final//io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:562)
at org.apache.activemq.artemis.journal//org.apache.activemq.artemis.utils.ActiveMQThreadFactory$1.run(ActiveMQThreadFactory.java:118)
Caused by: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:439)
at java.base/sun.security.validator.PKIXValidator.engineValidate(PKIXValidator.java:306)
at java.base/sun.security.validator.Validator.validate(Validator.java:264)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkTrusted(X509TrustManagerImpl.java:285)
at java.base/sun.security.ssl.X509TrustManagerImpl.checkServerTrusted(X509TrustManagerImpl.java:144)
at java.base/sun.security.ssl.CertificateMessage$T13CertificateConsumer.checkServerCerts(CertificateMessage.java:1335)
... 30 more
Caused by: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target
at java.base/sun.security.provider.certpath.SunCertPathBuilder.build(SunCertPathBuilder.java:141)
at java.base/sun.security.provider.certpath.SunCertPathBuilder.engineBuild(SunCertPathBuilder.java:126)
at java.base/java.security.cert.CertPathBuilder.build(CertPathBuilder.java:297)
at java.base/sun.security.validator.PKIXValidator.doBuild(PKIXValidator.java:434)
... 35 more
WARN [org.jboss.activemq.artemis.wildfly.integration.recovery] (MSC service thread 1-4) AMQ122018: Could not start recovery discovery on XARecoveryConfig [transportConfiguration=[TransportConfiguration(name=, factory=org-apache-activemq-artemis-core-remoting-impl-netty-NettyConnectorFactory) ?port=61616&localAddress=127-0-0-1&sslEnabled=true&host=nn74x045-sos-kb-cz&sslContext=artemis-remote-ssl], discoveryConfiguration=null, username=null, password=****, JNDI_NAME=java:jboss/RemoteConnectionFactory], we will retry every recovery scan until the server is available
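<!--
  JVM-wide JSSE defaults. The javax.net.ssl.* properties set the default key store and
  trust store for every TLS client in this server JVM that uses the default SSL context,
  not only the Artemis connector. Setting javax.net.ssl.trustStore also replaces the
  JDK's bundled CA store as the default, so outbound TLS to other endpoints is then
  validated against this store alone.
  The two password values end up as plain system properties, readable by anything that
  can list system properties (management interfaces, JMX, heap dumps).
  NOTE(review): if the connection succeeds only with this block present, the
  ssl-context on the remote-connector is presumably not the trust source actually used
  for that connection; verify its trust-manager/key-store definition, and prefer a
  credential-reference over password system properties once it works.
  The opening quote of the trustStorePassword value was a typographic quote, which made
  the element not well-formed; it is a plain double quote below.
-->
<system-properties>
    <property name="javax.net.ssl.keyStore" value="${jboss.server.config.dir}/${JMS_KEYSTORE}"/>
    <property name="javax.net.ssl.keyStorePassword" value="${JMS_KEYSTORE_PASSWORD}"/>
    <property name="javax.net.ssl.trustStore" value="${jboss.server.config.dir}/${JMS_TRUSTSTORE}"/>
    <property name="javax.net.ssl.trustStorePassword" value="${JMS_TRUSTSTORE_PASSWORD}"/>
</system-properties>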
I would have thought that adding the ssl-context would make this unnecessary. Am I doing something wrong? Or is this normal, and I simply have to specify the keystore and truststore parameters in two places - the ssl-context definition and system-properties?
Thanks