certificateunknown.xml - activemq-web - Git at Google

 <div class="wiki-content maincontent"><p>If you get an error something like this...</p>

 <structured-macro ac:macro-id="0708482b-8175-421f-9fe9-85a126b5b52c" ac:name="code" ac:schema-version="1"><plain-text-body>
 javax.jms.JMSException: start failed: Received fatal alert: certificate_unknown
        at org.activemq.transport.tcp.TcpTransportChannel.start(TcpTransportChannel.java:200)
        at org.activemq.broker.impl.BrokerConnectorImpl.addClient(BrokerConnectorImpl.java:308)
        at org.activemq.transport.TransportServerChannelSupport.addClient(TransportServerChannelSupp
        at org.activemq.transport.tcp.TcpTransportServerChannel.run(TcpTransportServerChannel.java:1
        at java.lang.Thread.run(Unknown Source)
 Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
        at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
        at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
        at com.sun.net.ssl.internal.ssl.AppInputStream.read(Unknown Source)
        at java.io.BufferedInputStream.fill(Unknown Source)
 </plain-text-body></structured-macro>

 <p>when you are trying to use SSL to connect to ActiveMQ then the "certificate_unknown" error shows on the broker when the client doesn't trust the broker's certificate.  On the client, I would see an error as well: "No trusted certificate found".  </p>

 <h3>Fix</h3>

 <p>Make sure that you exported the broker's certificate (step 2 in <link><page ri:content-title="How do I use SSL"></page></link>) and imported it on the client into a truststore (step 4).  If you did those, did you specify the javax.net.ssl.trustStore system property when you started your client VM? </p></div>
	<div class="wiki-content maincontent"><p>If you get an error something like this...</p>

	<structured-macro ac:macro-id="0708482b-8175-421f-9fe9-85a126b5b52c" ac:name="code" ac:schema-version="1"><plain-text-body>
	javax.jms.JMSException: start failed: Received fatal alert: certificate_unknown
	at org.activemq.transport.tcp.TcpTransportChannel.start(TcpTransportChannel.java:200)
	at org.activemq.broker.impl.BrokerConnectorImpl.addClient(BrokerConnectorImpl.java:308)
	at org.activemq.transport.TransportServerChannelSupport.addClient(TransportServerChannelSupp
	at org.activemq.transport.tcp.TcpTransportServerChannel.run(TcpTransportServerChannel.java:1
	at java.lang.Thread.run(Unknown Source)
	Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
	at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
	at com.sun.net.ssl.internal.ssl.Alerts.getSSLException(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.recvAlert(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readRecord(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.performInitialHandshake(Unknown Source)
	at com.sun.net.ssl.internal.ssl.SSLSocketImpl.readDataRecord(Unknown Source)
	at com.sun.net.ssl.internal.ssl.AppInputStream.read(Unknown Source)
	at java.io.BufferedInputStream.fill(Unknown Source)
	</plain-text-body></structured-macro>

	<p>when you are trying to use SSL to connect to ActiveMQ then the "certificate_unknown" error shows on the broker when the client doesn't trust the broker's certificate. On the client, I would see an error as well: "No trusted certificate found". </p>

	<h3>Fix</h3>

	<p>Make sure that you exported the broker's certificate (step 2 in <link><page ri:content-title="How do I use SSL"></page></link>) and imported it on the client into a truststore (step 4). If you did those, did you specify the javax.net.ssl.trustStore system property when you started your client VM? </p></div>