activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dejan Bosanac <de...@nighttale.net>
Subject Re: Configuring SSL in a network of brokers
Date Tue, 04 May 2010 12:47:19 GMT
Hi Jim.

you can notice

        <sslContext>
            <sslContext keyStore="file:${activemq.base}/conf/broker.ks"
              keyStorePassword="password"
trustStore="file:${activemq.base}/conf/broker.ts"
              trustStorePassword="password"/>
        </sslContext>

in activemq-demo.xml which is used to configure locations and passwords for
key and trust stores.

Cheers
--
Dejan Bosanac - http://twitter.com/dejanb

Open Source Integration - http://fusesource.com/
ActiveMQ in Action - http://www.manning.com/snyder/
Blog - http://www.nighttale.net


On Sun, May 2, 2010 at 11:26 PM, Jim Lloyd <jlloyd@silvertailsystems.com>wrote:

> We have a relative simple topology where there are a few machines
> configured
> as network of brokers. Each machine has one broker, and then one or more
> activemq client applications. Each client only connects to the broker on
> local host. Every broker statically connects to every other broker.
>
> We have a requirement that all traffic on the wire be encrypted, so we are
> using SSL for the network connectors between brokers. The local traffic
> between the clients and the localhost broker uses plaintext openwire, i.e.
> a
> tcp transport.
>
> The relative section from the .conf file looks something like this:
>
>        <networkConnectors>
>            <networkConnector name="superman-to-batman"
> uri="static:(ssl://batman:24001)"/>
>            <networkConnector name="superman-to-flash"
> uri="static:(ssl://flash:24001)"/>
>        </networkConnectors>
>
>        <transportConnectors>
>            <transportConnector name="open" uri="tcp://127.0.0.1:24002" />
>            <transportConnector name="ssl" uri="ssl://0.0.0.0:24001" />
>        </transportConnectors>
>
> For testing purposes we have been using the demo broker.ks, broker.ts,
> client,ks, client.ts files that ship with activemq. We now want to generate
> our own files. I've read
> how-do-i-use-ssl<http://activemq.apache.org/how-do-i-use-ssl.html> but
> there is something mysterious to me that I want to understand.
>
> I see in activemq-demo.xml where the broker.ks and broker.ts files are
> configured, but I don't see where client.ks and client.ts are configured.
> These files are referenced in
> how-do-i-use-ssl<http://activemq.apache.org/how-do-i-use-ssl.html>,
> where it says:
>
> When starting the client's VM, specify the following system properties:
>
> javax.net.ssl.keyStore=/path/to/client.ks
> javax.net.ssl.keyStorePassword=password
> javax.net.ssl.trustStore=/path/to/client.ts
>
>
> However, we never did this to our configuration, and I can't find where it
> might have been done for us in the default configuration.
>
> So, all this boils down to the simple question: how does activemq-demo.xml
> work? Where is client.ks and client.ts configured for this demo?
>
> Thanks,
> Jim Lloyd
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message