Apache Apollo has been abandoned. If it is unnecessary, Apache ActiveMQ 5 is recommended
1. Download Apollo 1.7.1 and create a broker according to the official example. The following warning appears:
Creating apollo instance at: testBroker
Generating ssl keystore...
Warning:
JKS keystore uses a proprietary format. It is recommended to use "keytool -importkeystore -srckeystore keystore -destkeystore keystore -deststoretype pkcs12" to migrate to the industry standard format PKCS12.
You can now start the broker by executing:
"E:\environment\apache\apollo\apache-apollo-1.7.1\testBroker\bin\apollo-broker" run
Or you can setup the broker as Windows service and run it in the background:
"E:\environment\apache\apollo\apache-apollo-1.7.1\testBroker\bin\apollo-broker-service" install
"E:\environment\apache\apollo\apache-apollo-1.7.1\testBroker\bin\apollo-broker-service" startThe following warning appears after running
WARN | javax.net.ssl.SSLException: Received fatal alert: certificate_unknownAccording to the content of the warning, we can probably guess that we need to upgrade the format of JKS keystore
Find the keystore generated when creating the broker, which is usually in the folder named etc in the broker directory
Windows opens the command prompt, enters the etc directory, and enters the following command
keytool -importkeystore -srckeystore keystore -destkeystore keystore -deststoretype pkcs12Prompt for source keystore password
Check the Apache Apollo source code to find the password, and find the place to generate the keystore in the brokercreate.scala file under the directory Apollo broker, SRC, main, Scala, org, Apache, ActiveMQ, Apollo, broker, as follows:
// Generate a keystore with a new key
val ssl = with_ssl && {
out.println("Generating ssl keystore...")
val rc = system(etc, Array(
"keytool", "-genkey",
"-storetype", "JKS",
"-storepass", "password",
"-keystore", "keystore",
"-keypass", "password",
"-alias", host,
"-keyalg", "RSA",
"-keysize", "4096",
"-dname", "cn=%s".format(host),
"-validity", "3650"))==0
if(!rc) {
out.println("WARNING: Could not generate the keystore, make sure the keytool command is in your PATH")
}
rc
}The password is password. Enter the password to display the following information:
Entries with the alias mybroker were successfully imported.
Completed import command: 1 entry successfully imported, 0 entries failed or cancelled
Warning:
Migrated "keystore" to Non JKS/JCEKS. made a backup of JKS keystore as "keystore.old".When running broker, the following warning information still exists in the output content, but it does not affect the basic use
WARN | javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
WARN | javax.net.ssl.SSLException: Received fatal alert: certificate_unknown
WARN | javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
WARN | javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?Similar Posts:
- SSL connection error: javax.net.ssl.sslhandshakeexception
- [How to Solve] UnrecoverableKeyException: Cannot recover key
- [Fixed] lazarus LAMW release-keystore.bat Could not Generate .keystore Files
- [Solved] javax.net.ssl.SSLException: Received fatal alert: protocol_version
- Azkaban Start web–javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection? at sun.se
- [Solved] javax.net.ssl.SSLHandshakeException: Received fatal alert: handshake_failure
- Send QQ e-mail message prompt: error in certificate certificate is not trusted
- Elasticsearch configuration cluster + elk error Summary and Solution
- [Solved] Uniapp packaging IOS error: Apple root certificate is not installed in the current system
- [Solved] remote: HTTP Basic: Access denied Authentication failed for ‘https://’