YumYum
Reputation: 51
ActiveMQ 5.16.2 Securing Webconsole using HTTPS
I have followed this guide to secure the ActiveMQ 5.16.2 web console. I made the following configuration in my jetty.xml:
Per default the authentication setting is
true, so I just left it like that:<property name="authenticate" value="true" />I have generated a certificate
amqtest.p12and moved it into theconffolder, i.e.:/home/amquser/apache-activemq-5.16.2/conf/amqtest.p12I have enabled the SecureConnector and changed the keyStorePath and keyStorePassword:
<bean id="SecureConnector" class="org.eclipse.jetty.server.ServerConnector"> <constructor-arg ref="Server" /> <constructor-arg> <bean id="handlers" class="org.eclipse.jetty.util.ssl.SslContextFactory"> <property name="keyStorePath" value="$file:${activemq.conf}/amqtest.p12" /> <property name="keyStorePassword" value="changeit" /> </bean> </constructor-arg> <property name="port" value="8162" /> </bean>
Unfortunately, I receive the following when I try to start ActiveMQ:
INFO | Starting Jetty server
INFO | Creating Jetty connector
WARN | [email protected]@1ecfcbc9{/,null,STARTING} has uncovered http methods for path: /
INFO | Listening for connections at ws://amqtest:61614?maximumConnections=1000&wireFormat.maxFrameSize=104857600
INFO | Connector ws started
INFO | Apache ActiveMQ 5.16.2 (localhost, ID:amqtest-33843-1626808816420-0:1) started
INFO | For help or more information please see: http://activemq.apache.org
WARN | Store limit is 102400 mb (current store usage is 0 mb). The data directory: /home/amquser/apache-activemq-5.16.2/data/kahadb only has 2905 mb of usable space. - resetting to maximum available disk space: 2905 mb
WARN | Temporary Store limit is 51200 mb (current store usage is 0 mb). The data directory: /home/amquser/apache-activemq-5.16.2/data only has 2905 mb of usable space. - resetting to maximum available disk space: 2905 mb
INFO | ActiveMQ WebConsole available at http://0.0.0.0:8161/
INFO | ActiveMQ Jolokia REST API available at http://0.0.0.0:8161/api/jolokia/
WARN | Exception encountered during context initialization - cancelling refresh attempt: org.springframework.beans.factory.BeanCreationException: Error creating bean with name 'invokeStart' defined in class path resource [jetty.xml]: Invocation of init method failed; nested exception is java.lang.IllegalStateException: /home/amquser/apache-activemq-5.16.2/bin/$file:/home/amquser/apache-activemq-5.16.2/conf/amqtest.p12 is not a valid keystore
INFO | Apache ActiveMQ 5.16.2 (localhost, ID:amqtest-33843-1626808816420-0:1) is shutting down
INFO | Connector openwire stopped
INFO | Connector amqp stopped
INFO | Connector stomp stopped
INFO | Connector mqtt stopped
INFO | Connector ws stopped
INFO | Broker Plugin org.apache.activemq.broker.util.DestinationPathSeparatorBroker stopped
INFO | PListStore:[/home/amquser/apache-activemq-5.16.2/data/localhost/tmp_storage] stopped
INFO | Stopping async queue tasks
INFO | Stopping async topic tasks
INFO | Stopped KahaDB
INFO | Apache ActiveMQ 5.16.2 (localhost, ID:amqtest-33843-1626808816420-0:1) uptime 1.539 seconds
INFO | Apache ActiveMQ 5.16.2 (localhost, ID:amqtest-33843-1626808816420-0:1) is shutdown
INFO | Closing org.apache.activemq.xbean.XBeanBrokerFactory$1@6973b51b: startup date [Tue Jul 20 19:20:15 GMT 2021]; root of context hierarchy
ERROR | Failed to load: class path resource [activemq.xml], reason: Error creating bean with name 'invokeStart' defined in class path resource [jetty.xml]: Invocation of init method failed; nested exception is java.lang.IllegalStateException: /home/amquser/apache-activemq-5.16.2/bin/$file:/home/amquser/apache-activemq-5.16.2/conf/amqtest.p12 is not a valid keystore
I have generated the cert with an Ansible script provided by my project team. I have also generated another cert with this Ansible script before and it worked to activate ActiveMQ 5.7.0 web console. Thus, I would assume that it was correctly generated.
Upvotes: 0
Views: 1166
Answers (1)
Justin Bertram
Reputation: 35217
Try using this in your jetty.xml:
<property name="keyStorePath" value="${activemq.conf}/amqtest.p12" />
You have an extra $file: in there that's messing it up. You can see this in the error message:
java.lang.IllegalStateException: /home/amquser/apache-activemq-5.16.2/bin/$file:/home/amquser/apache-activemq-5.16.2/conf/amqtest.p12 is not a valid keystore```
Upvotes: 1
Related Questions
- ActiveMQ over SSL: "acceptInvalidBrokerCert=true" not working
- How to configure SSL on ActiveMQ Artemis Cluster
- Deactivate HTTP access for ActiveMQ 5.16.2 web console
- Configuring ActiveMQ Webconsole to redirect HTTP to HTTPS
- ActiveMQ bad certificate when introduce SSL
- I have a with JMS - ActiveMQ using http and https protocols
- ActiveMQ queue authentication by certificate
- Setting up ActiveMQ with HTTPS REST
- Problems configuring https for Active Mq broker created in spring
- ActiveMQ and Client identity through certificate authentication