activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "James Strachan" <james.strac...@gmail.com>
Subject Re: SSL Support
Date Wed, 15 Mar 2006 16:27:12 GMT
Awesome stuff Steve - thanks for figuring that out :)

I've updated the wiki a little
http://docs.codehaus.org/display/ACTIVEMQ/ActiveMQ+4+Connection+URIs

and added your warning to the new SSL page
http://docs.codehaus.org/display/ACTIVEMQ/SSL+Transport+Reference

I wonder if we can patch the code so that if you are using multicast
discovery with Network Connectors, we auto-detect ourselves and don't try to
connect?

e.g. with multicast we can enable loopbackMode to avoid sending multicast
datagrams to ourselves.

you could try...

<networkConnector uri="multicast://default?loopBackMode=true"/>

If that fixes it, we should probably enable loopBackMode by default in
multicast discovery

James


On 3/15/06, Steve Barham <steve.barham@formicary.net> wrote:
>
> Well, that was a worthwhile email! Have resolved the issue; here's the
> summary for those who are interested. FWIW, I think it's worth updating
> the Wiki entry to reflect this:
>
> Steps post-wiki:
>
> 1. Find in activemq.xml:
>
>        <transportConnector uri="tcp://localhost:61616"
> discoveryUri="multicast://default"/>
>
>    Replace with:
>
>        <transportConnector uri="ssl://localhost:61616"
> discoveryUri="multicast://default"/>
>
> 2. Find in activemq.xml:
>
>        <networkConnector uri="multicast://default"/>
>
>    Replace with:
>
>        <!--<networkConnector uri="multicast://default"/>-->
>
> 3. Alter your client to connect using the ssl:// form rather than tcp://
>
> The reason that you need to comment out the networkConnector element is to
> prevent ActiveMQ connecting to itself - if you do this with a self-signed
> certificate, you will get a constant spam of certificate_unknown
> stacktraces to the console, as the broker is not configured with the
> truststore set up in the wiki.
>
> Cheers,
>
> steve
>
>
>
> <networkConnector uri="multicast://default"/>
>
>
> > Hi,
> >
> > I've run through the standard wiki entry on using SSL with ActiveMQ.
> This
> > doesn't seem to actually indicate how to enable SSL, however - at least
> > for my configuration.
> >
> > I'm currently using ActiveMQ 3.2.2, and the server will start correctly
> > and reject plaintext connections, once I changed the connector to:
> >
> > <tcpServerTransport uri="ssl://localhost:61616" backlog="1000"
> > useAsyncSend="true" maxOutstandingMessages="50"/>
> >
> > On the client however, I am unable to use this URI to connect to
> ActiveMQ;
> > specifying it results in the following error:
> >
> > javax.jms.JMSException: Could not load protocol: SSL. Reason:
> > java.io.IOException: Could not find class for resource:
> > META-INF/services/org/activemq/transport/SSL
> >       at
> > org.activemq.transport.TransportChannelProvider.createJMSexception(
> TransportChannelProvider.java:86)
> >       at
> > org.activemq.transport.TransportChannelProvider.getFactory(
> TransportChannelProvider.java:77)
> >       at
> > org.activemq.ActiveMQConnectionFactory.createTransportChannel(
> ActiveMQConnectionFactory.java:801)
> >       at
> > org.activemq.ActiveMQConnectionFactory.createConnection(
> ActiveMQConnectionFactory.java:608)
> >       at
> > org.activemq.ActiveMQConnectionFactory.createConnection(
> ActiveMQConnectionFactory.java:598)
> >
> > Is there another step for ActiveMQ 3.x to enable SSL?
> >
> > Should I be using ActiveMQ 4? When I downloaded, 3.x was the latest
> stable
> > release.
> >
> > Cheers.
> >
> > Steve
> >
> >
> >
> >
> >
>
>
> --
> Steve Barham                       tel: +44 (0)7973 199 471
> Systems Engineer
> Formicary - delivering quality financial technology solutions
> http://www.formicary.net/
>
>


--

James
-------
http://radio.weblogs.com/0112098/

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message