Setting up ActiveMQ with HTTPS REST

Question

By following https://activemq.apache.org/rest.html, I'm able to push messages via the REST API (e.g. curl -u admin:admin -d "body=message" http://localhost:8161/api/message/TEST?type=queue works, and I can see in the admin console) However, I'd like to be able to use HTTPS. I found https://activemq.apache.org/http-and-https-transports-reference.html and http://troyjsd.blogspot.co.uk/2013/06/activemq-https.html but couldn't manage to make it work. Based on these two outdated/incomplete links:

• I added to conf/activemq.xml
• Imported self-signed certificate into JDK keystore (per http://troyjsd.blogspot.co.uk/2013/06/activemq-https.html)
• Copied xstream and httpclient jars from lib/optional to lib/ (both under ActiveMQ directory, obviously)

So,

1. How can I set ActiveMQ so that it can be used with a HTTPS REST endpoint?
2. Assuming I did step 1, how can I test it (a similar curl command example like the above)?

I use ActiveMQ 5.9.1 and Mac OS 10.9.4

Answer 1

Uncomment the following section of conf/jetty.xml.

<!--
    Enable this connector if you wish to use https with web console
-->
<!--
<bean id="SecureConnector" class="org.eclipse.jetty.server.ssl.SslSelectChannelConnector">
    <property name="port" value="8162" />
    <property name="keystore" value="file:${activemq.conf}/broker.ks" />
    <property name="password" value="password" />
</bean>
-->

Jetty powers not only the WebConsole, but all HTTP stuff in ActiveMQ.

It should work out of the box for testing, but you probably want to roll your own keystore/certificate for real use.

You could use curl as before on port 8162 with HTTPS given you supply the "insecure" flag -k.

Otherwise, you need to create a trust store in pem format and supply it - see this SO for details. Curl accept the argument --cacert <filename.pem> with your certificate or issuing CA in it.