Open manishteotiarms opened 1 week ago
I can reproduce this issue on my Kubernetes cluster with trust-manager:v0.12.0. For some reason it doesn't create the key truststore.jks in the config map ca-bundle. Indeed, if you enable SSL debugging before executing the producer command, you should get the error certificate_unknown:
export DEBUG_ARGS='-Djavax.net.debug=ssl,handshake'
./artemis producer --user admin --password admin --url...
Anyway, the Setting up SSL with cert-manager and trust-manager page is outdated because the latest broker versions support PEM certificates. This means that the tutorial doesn't need the additional jks format anymore.
Describe the bug
I am new to Artemis and Kubernetes, and by following the information provided in the examples present in this repo, we were able to get the artemis server running successfully on kubernetes.
However we are experiencing a TLS hostname verification error while sending messages to the broker over SSL. We are following the instructions provided in the Setting up SSL with cert-manager and trust-manager page.
Steps to Reproduce:
NOTE: Picked up JDK_JAVA_OPTIONS: -Dbroker.properties=/amq/extra/secrets/artemis-broker-props/broker.properties
Connection brokerURL = tcp://artemis-broker-ss-0:61618
Connection failed::Failed to create session factory
2024-10-08 10:54:05,657 WARN [org.apache.activemq.artemis.core.server] AMQ222208: SSL handshake failed for client from /...:51174: java.security.cert.CertificateException: No subject alternative names matching IP address ... found.
[jboss@artemis-broker-ss-0 bin]$ host ...
.*...in-addr.arpa domain name pointer -*--.artemis-broker-ssl-0-svc.myproject.svc.cluster.local.
.*...in-addr.arpa domain name pointer -*--.artemis-broker-ping-svc.myproject.svc.cluster.local.
....in-addr.arpa domain name pointer artemis-broker-ss-0.artemis-broker-hdls-svc.myproject.svc.cluster.local.
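The following is an added example, not part of the issue or of the project's code. It is a simplified Python model of the name check behind the AMQ222208 message above, showing that a peer identified by IP address is compared only against IP subject alternative names, so DNS entries in the certificate never satisfy it. The SAN list, the pod IP and the function names are constructed for illustration, and the wildcard rule is stricter than the JDK's.

```python
import ipaddress

def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False

def _dns_match(host, pattern):
    """Case-insensitive match; '*' is accepted only as the whole leftmost label."""
    host_labels = host.lower().rstrip(".").split(".")
    pat_labels = pattern.lower().rstrip(".").split(".")
    if len(host_labels) != len(pat_labels):
        return False
    if pat_labels[0] == "*":
        return len(pat_labels) > 2 and host_labels[1:] == pat_labels[1:]
    return host_labels == pat_labels

def check_peer_name(peer, sans):
    """sans: list of (kind, value) pairs, kind is 'DNS' or 'IP'. Returns (ok, reason)."""
    if _is_ip(peer):
        # An IP literal is compared only against IP entries;
        # DNS entries are never consulted, whatever they contain.
        wanted = ipaddress.ip_address(peer)
        for kind, value in sans:
            if kind == "IP" and ipaddress.ip_address(value) == wanted:
                return True, "matched IP SAN " + value
        return False, f"No subject alternative names matching IP address {peer} found"
    for kind, value in sans:
        if kind == "DNS" and _dns_match(peer, value):
            return True, "matched DNS SAN " + value
    return False, f"No subject alternative DNS name matching {peer} found"

# Constructed sample data (assumed, not taken from the reporter's certificate).
FQDN = "artemis-broker-ss-0.artemis-broker-hdls-svc.myproject.svc.cluster.local"
SAMPLE_SANS = [("DNS", FQDN),
               ("DNS", "*.artemis-broker-hdls-svc.myproject.svc.cluster.local")]
SAMPLE_POD_IP = "10.0.0.12"

if __name__ == "__main__":
    # Pod IP, the short name used in the brokerURL, and the full service name.
    for peer in (SAMPLE_POD_IP, "artemis-broker-ss-0", FQDN):
        print(peer, "->", check_peer_name(peer, SAMPLE_SANS))
```

To see which names a real certificate carries before comparing them this way, `openssl x509 -in tls.crt -noout -text` prints the Subject Alternative Name extension (`tls.crt` is a placeholder file name).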