From: "James Strachan"
To: users@activemq.apache.org
Subject: Re: Custom SSL certificate handler
Date: Wed, 14 Feb 2007 10:37:17 +0000

On 2/14/07, J. Matthew Pryor wrote:
> We are using SSL to allow clients and servers to connect together
> with Lingo doing the actual RPC mechanism on top of ActiveMQ (no
> persistent store).
>
> I have read http://activemq.apache.org/how-do-i-use-ssl.html and this
> is fine if all the certificates are known before the JVM starts up,
> but we need to be able to allow new certificates at any time (with
> user interaction/authorisation).
>
> I haven't had a lot of luck looking for more information on how to
> set up certificate providers etc. to allow for dynamic checking of
> certificates prior to connection.
>
> The major benefit we want is that the client can dynamically decide
> if it wants to allow a connection, but once the connection is
> established it has all the benefits of an SSL connection.
>
> Pointers appreciated

There's not a whole lot of documentation available, since no one's ever
tried this I'm afraid :) The best starting point is here...

http://activemq.apache.org/security.html

I've just tacked on a little section at the end to describe how to
write your own custom security plugin (it'll take 1-2 hours for the
site to update, so here's the wiki until then...)

http://cwiki.apache.org/confluence/display/ACTIVEMQ/Security

-- 

James
-------
http://radio.weblogs.com/0112098/
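
Added example (not part of this thread, and not ActiveMQ or Lingo code): one way to get the behaviour asked about in the quoted question, where a peer certificate that was unknown at JVM start-up is accepted only after explicit approval, built on the standard JSSE X509TrustManager interface. The class name ApprovalTrustManager and the askUser callback are hypothetical, and handing the resulting SSLContext to the ActiveMQ SSL transport is not shown.

```java
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Predicate;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

// Hypothetical class: trusts only leaf certificates a user has approved, pinned by SHA-256.
public final class ApprovalTrustManager implements X509TrustManager {
    private final Set<String> approved = ConcurrentHashMap.newKeySet(); // pins, updatable at runtime
    private final Predicate<X509Certificate> askUser; // assumed UI/authorisation hook
    public ApprovalTrustManager(Predicate<X509Certificate> askUser) { this.askUser = askUser; }

    static String fingerprint(X509Certificate cert) throws CertificateException {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
            StringBuilder hex = new StringBuilder();
            for (byte b : digest) hex.append(String.format("%02x", b));
            return hex.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new CertificateException(e);
        }
    }

    private void check(X509Certificate[] chain) throws CertificateException {
        if (chain == null || chain.length == 0) throw new CertificateException("empty chain");
        X509Certificate leaf = chain[0];
        leaf.checkValidity();                  // reject expired or not-yet-valid certificates
        String fp = fingerprint(leaf);
        if (approved.contains(fp)) return;     // authorised on an earlier connection
        if (!askUser.test(leaf)) throw new CertificateException("not approved: " + fp); // fail closed
        approved.add(fp);                      // remember the approval for later handshakes
    }

    @Override public void checkServerTrusted(X509Certificate[] c, String authType) throws CertificateException { check(c); }
    @Override public void checkClientTrusted(X509Certificate[] c, String authType) throws CertificateException { check(c); }
    @Override public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }

    // Builds an SSLContext whose handshakes consult this trust manager and nothing else.
    public SSLContext newContext() throws java.security.GeneralSecurityException {
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { this }, null);
        return ctx;
    }
}
```

The approval callback runs on the handshake thread, so the connection attempt blocks until the user decides. Showing the fingerprint in the prompt lets the user compare it with one obtained out of band before approving.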