activemq-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From build...@apache.org
Subject svn commit: r984412 - in /websites/production/activemq/content: cache/main.pageCache how-do-i-use-ssl.html
Date Fri, 01 Apr 2016 12:22:00 GMT
Author: buildbot
Date: Fri Apr  1 12:22:00 2016
New Revision: 984412

Log:
Production update by buildbot for activemq

Modified:
    websites/production/activemq/content/cache/main.pageCache
    websites/production/activemq/content/how-do-i-use-ssl.html

Modified: websites/production/activemq/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/activemq/content/how-do-i-use-ssl.html
==============================================================================
--- websites/production/activemq/content/how-do-i-use-ssl.html (original)
+++ websites/production/activemq/content/how-do-i-use-ssl.html Fri Apr  1 12:22:00 2016
@@ -136,9 +136,12 @@ javax.net.ssl.trustStore=/path/to/client
                     trustStorePassword="password"
                     crlPath="org/apache/activemq/security/activemq-revoke.crl"/>
     &lt;/sslContext&gt;</pre>
-</div></div><p>This list is static and loaded on broker startup. You can
also enable more advanced&#160;Online Certificate Status Protocol (OCSP) protocol by setting
appropriate system properties (in <code>${ACTIVEMQ_HOME}/bin/env</code>) like</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
-<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">ACTIVEMQ_SSL_OPTS="-Dcom.sun.security.enableCRLDP=true
-Docsp.enable=true -Docsp.responderURL=http://ocsp.example.net:80"</pre>
-</div></div><h3 id="HowdoIuseSSL-WorkingAroundJava7SSLBugs">Working Around
Java 7 SSL Bugs</h3><p>As noted by issue AMQ-5970, it seems some versions of Java
7 have problems with SSL sessions that need to use the Diffie-Hellman cypher suite. If you
run into this issue, just copy the Bouncy Castle bcprov-jdk15on-148.jar to ActiveMQ's lib
directory and restart your broker.</p><h3 id="HowdoIuseSSL-Usefullinks">Useful
links</h3><p>These links might also help</p><ul><li><a shape="rect"
class="external-link" href="http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html#CreateKeystore"
rel="nofollow">Sun's JSSE guide</a></li><li><a shape="rect" class="external-link"
href="https://search.thawte.com/support/ssl-digital-certificates/index?page=content&amp;id=SO10061"
rel="nofollow">Thawte SSL Troubleshooting Tips</a></li></ul></div>
+</div></div><p>This list is static and loaded on broker startup.</p><p>Starting
with version <strong>5.14.0</strong>, you can also enable more advanced&#160;Online
Certificate Status Protocol (OCSP) protocol. For that you need to configure a location for
the<code> java.security</code> configuration extension by setting appropriate
system properties (in <code>${ACTIVEMQ_HOME}/bin/env</code>) like</p><div
class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent
pdl">
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">ACTIVEMQ_SSL_OPTS="-Djava.security.properties=$ACTIVEMQ_CONF/java.security"</pre>
+</div></div><p>Then you need to configure OCSP responder properties in
<code>java.security</code> file like</p><div class="code panel pdl" style="border-width:
1px;"><div class="codeContent panelContent pdl">
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">ocsp.enable=true
+ocsp.responderURL=http://ocsp.example.net:80</pre>
+</div></div><p>A demo of the broker configuration working with OCSP responder
can be found at&#160;<a shape="rect" class="external-link" href="https://github.com/dejanb/sslib"
rel="nofollow">https://github.com/dejanb/sslib</a></p><h3 id="HowdoIuseSSL-WorkingAroundJava7SSLBugs">Working
Around Java 7 SSL Bugs</h3><p>As noted by issue AMQ-5970, it seems some versions
of Java 7 have problems with SSL sessions that need to use the Diffie-Hellman cypher suite.
If you run into this issue, just copy the Bouncy Castle bcprov-jdk15on-148.jar to ActiveMQ's
lib directory and restart your broker.</p><h3 id="HowdoIuseSSL-Usefullinks">Useful
links</h3><p>These links might also help</p><ul><li><a shape="rect"
class="external-link" href="http://java.sun.com/j2se/1.4.2/docs/guide/security/jsse/JSSERefGuide.html#CreateKeystore"
rel="nofollow">Sun's JSSE guide</a></li><li><a shape="rect" class="external-link"
href="https://search.thawte.com/support/ssl-digital-certificates/index?page=content&amp;id=SO1
 0061" rel="nofollow">Thawte SSL Troubleshooting Tips</a></li></ul></div>
         </td>
         <td valign="top">
           <div class="navigation">



Mime
View raw message