user3654396

Reputation: 41

ActiveMQ, SSL, and transport connectors

Using this site as a guide:

http://activemq.apache.org/how-do-i-use-ssl.html

I performed the following (I added a little to the keytool commands found within the site):

keytool -genkey -alias broker -keyalg RSA -keystore /home/amq/broker.ks -dname "CN=server, O=IBM, C=GB" -keypass passw0rd -storepass passw0rd

keytool -export -alias broker -keystore /home/amq/broker.ks -file /home/amq/broker_cert -storepass passw0rd

keytool -genkey -alias client -keyalg RSA -keystore /home/client/client.ks -dname "CN=client, O=IBM, C=GB" -keypass passw0rd -storepass passw0rd

keytool -import -alias broker -keystore /home/client/client.ts -file /home/amq/broker_cert -storepass passw0rd

keytool -export -alias client -keystore /home/client/client.ks -file /home/client/client_cert -storepass passw0rd

keytool -import -alias client -keystore /home/amq/broker.ts -file /home/client/client_cert -storepass passw0rd

Now the keystore and trust store are created, I started the broker

export SSL_OPTS=-Djavax.net.ssl.keyStore=/home/amq/broker.ks\ -Djavax.net.ssl.keyStorePassword=passw0rd\ -Djavax.net.ssl.trustStore=/home/amq/broker.ts

cd /usr/local/activemq/apache-activemq-5.9.0
bin/activemq console

So far, all is good, and what I want to do is take the ProducerTool.java that ships with the installation, and run it against the SSL.

I am somewhat mystified by the documentation, as follows

Using Spring to configure SSL for a Broker instance

Sometimes the use of javax.net.ssl.* system properties is not appropriate as they affect all SSL users in a JVM. ActiveMQ 5.2.x adds an element to the that allows a broker specific set of SSL properties to be configured.

The SslContext test case validates starting an SSL transport listener using the configuration specified in the broker Xbean. The SslContext element is added to the broker as follows:

<amq:sslContext>
  <amq:sslContext
        keyStore="server.keystore" keyStorePassword="password"
        trustStore="client.keystore" trustStorePassword="password"/>
</amq:sslContext>

<amq:transportConnectors>
  <amq:transportConnector uri="ssl://localhost:61616" />
</amq:transportConnectors>
</amq:broker>
</beans>

The SslContext is used to configure the SslTransportFactory for that broker. Full details of the configuration options available can be seen in the schema definition or in the accessors of org.apache.activemq.spring.SpringSslContext

What I gather from this is that since I do not care that all JVM users will be forced to use SSL, I am good, and do not need any Spring configurations. (At least I hope so)

I am bothered by 2 things

1> Am I correct in believing that I do not need to perform any Spring configuration, and I can simply use the -Djava options?

2> Nor do I think I need the ssl transport connector, that I should just be able to run the ProducerTool.java code and be good to go. Why do I think this? Because if I need to add the SSL transport connector to the broker, that is extra config, and it is forcing a change to the source code.

Am I correct in assuming

1> I do not need any Spring changes since I want all JVM users to go with SSL

2> Can I not use the ssl transport connector, and simply use the ProducerTool.java, essentially making the default connection use SSL ?

Thanks

Upvotes: 4

Views: 1813

Answers (1)

user3407479

Reputation: 287

It is a JMS client, so either way (with the SSL transport, or without), the client will connect to port 61616, since the SSL transport is configured as 61616.

But I can not tell from the documentation whether the transport is a requirement or not

Any ideas?

Upvotes: 1
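
Added example, not part of the original question or answer and not ActiveMQ project code: the quoted documentation starts the SSL listener from a `transportConnector` with an `ssl://` URI, so this script lists every connector in a broker XML file and reports whether its URI scheme is TLS-backed and whether it demands a client certificate. The sample XML, connector names, ports 61617/61618, the `CHANGE_ME` passwords and the scheme rule in `is_tls_scheme` are constructed assumptions; `needClientAuth` is the ActiveMQ transport option for requiring a client certificate.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

# Constructed sample broker configuration (not taken from the original post).
SAMPLE_CONFIG = """\
<beans xmlns="http://www.springframework.org/schema/beans"
       xmlns:amq="http://activemq.apache.org/schema/core">
  <amq:broker brokerName="localhost">
    <amq:sslContext>
      <amq:sslContext keyStore="/home/amq/broker.ks" keyStorePassword="CHANGE_ME"
                      trustStore="/home/amq/broker.ts" trustStorePassword="CHANGE_ME"/>
    </amq:sslContext>
    <amq:transportConnectors>
      <amq:transportConnector name="plain" uri="tcp://0.0.0.0:61616"/>
      <amq:transportConnector name="tls" uri="ssl://0.0.0.0:61617"/>
      <amq:transportConnector name="mtls" uri="ssl://0.0.0.0:61618?needClientAuth=true"/>
    </amq:transportConnectors>
  </amq:broker>
</beans>
"""

def _local(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def is_tls_scheme(scheme):
    """Assumed rule: https, wss, or any '+'-joined scheme with an 'ssl' part."""
    scheme = scheme.lower()
    return scheme in ("https", "wss") or "ssl" in scheme.split("+")

def audit_broker_config(xml_text):
    """Return whether an sslContext exists and (name, scheme, tls, mtls) per connector."""
    root = ET.fromstring(xml_text)
    report = {"ssl_context": False, "connectors": []}
    for el in root.iter():
        name = _local(el.tag)
        if name == "sslContext":
            report["ssl_context"] = True
        elif name == "transportConnector":
            parts = urlsplit(el.get("uri", ""))
            tls = is_tls_scheme(parts.scheme)
            wants_cert = parse_qs(parts.query).get("needClientAuth", ["false"])[-1].lower() == "true"
            report["connectors"].append((el.get("name"), parts.scheme, tls, tls and wants_cert))
    return report

if __name__ == "__main__":
    for name, scheme, tls, mtls in audit_broker_config(SAMPLE_CONFIG)["connectors"]:
        status = "TLS + client cert" if mtls else "TLS" if tls else "PLAINTEXT"
        print(f"{name:6} {scheme:8} {status}")
```

Matching on local tag names lets the same check read both the `amq:`-prefixed form quoted in the question and a config that declares the ActiveMQ namespace as the default.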
