activemq-users mailing list archives

From Jim Lloyd <jll...@silvertailsystems.com>
Subject Configuring SSL in a network of brokers
Date Sun, 02 May 2010 21:26:07 GMT
We have a relatively simple topology where there are a few machines configured
as network of brokers. Each machine has one broker, and then one or more
activemq client applications. Each client only connects to the broker on
local host. Every broker statically connects to every other broker.

We have a requirement that all traffic on the wire be encrypted, so we are
using SSL for the network connectors between brokers. The local traffic
between the clients and the localhost broker uses plaintext openwire, i.e. a
tcp transport.

The relevant section from the .conf file looks something like this:

        <networkConnectors>
            <networkConnector name="superman-to-batman" uri="static:(ssl://batman:24001)"/>
            <networkConnector name="superman-to-flash" uri="static:(ssl://flash:24001)"/>
        </networkConnectors>

        <transportConnectors>
            <transportConnector name="open" uri="tcp://127.0.0.1:24002" />
            <transportConnector name="ssl" uri="ssl://0.0.0.0:24001" />
        </transportConnectors>

For testing purposes we have been using the demo broker.ks, broker.ts,
client.ks, client.ts files that ship with activemq. We now want to generate
our own files. I've read
how-do-i-use-ssl<http://activemq.apache.org/how-do-i-use-ssl.html> but
there is something mysterious to me that I want to understand.

I see in activemq-demo.xml where the broker.ks and broker.ts files are
configured, but I don't see where client.ks and client.ts are configured.
These files are referenced in
how-do-i-use-ssl<http://activemq.apache.org/how-do-i-use-ssl.html>,
where it says:

When starting the client's VM, specify the following system properties:

javax.net.ssl.keyStore=/path/to/client.ks
javax.net.ssl.keyStorePassword=password
javax.net.ssl.trustStore=/path/to/client.ts


However, we never did this to our configuration, and I can't find where it
might have been done for us in the default configuration.

So, all this boils down to the simple question: how does activemq-demo.xml
work? Where are client.ks and client.ts configured for this demo?

Thanks,
Jim Lloyd
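
Added example, not part of the original message and not ActiveMQ project code: a small check that a broker configuration meets the requirement stated above, that every network connector uses SSL and that plaintext listeners are bound to loopback only. The connector names "superman-to-robin" and "debug" and the helper names are hypothetical, and the sample XML is constructed.

```python
import ipaddress
import re
import xml.etree.ElementTree as ET

# Constructed sample: the connectors quoted in the message plus one wrong entry
# of each kind ("superman-to-robin" and "debug" are hypothetical names).
SAMPLE = """<broker>
  <networkConnectors>
    <networkConnector name="superman-to-batman" uri="static:(ssl://batman:24001)"/>
    <networkConnector name="superman-to-robin" uri="static:(ssl://robin:24001,tcp://robin:24002)"/>
  </networkConnectors>
  <transportConnectors>
    <transportConnector name="open" uri="tcp://127.0.0.1:24002"/>
    <transportConnector name="ssl" uri="ssl://0.0.0.0:24001"/>
    <transportConnector name="debug" uri="tcp://0.0.0.0:24003"/>
  </transportConnectors>
</broker>"""

def is_encrypted(scheme):
    # ssl, nio+ssl and similar end in "ssl"; https and wss are TLS as well.
    return scheme in ("https", "wss") or scheme.split("+")[-1] == "ssl"

def is_loopback(host):
    if host == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # any other hostname is treated as reachable over the wire

def audit(xml_text):
    """Return (element, name, endpoint) for each connector that allows plaintext on the wire."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        kind = el.tag.rsplit("}", 1)[-1]  # drop the XML namespace, if any
        if kind not in ("networkConnector", "transportConnector"):
            continue
        # A URI such as static:(a,b) can hold several endpoints; check each one.
        for scheme, host in re.findall(r"([a-z+]+)://([^:/,)?]+)", el.get("uri", "")):
            if is_encrypted(scheme):
                continue
            # Plaintext is tolerated only for a listener bound to loopback.
            if kind == "transportConnector" and is_loopback(host):
                continue
            findings.append((kind, el.get("name"), f"{scheme}://{host}"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("plaintext on the wire:", *finding)
```

Namespaced configuration files (the broker element nested in Spring beans) are handled because the element namespace is stripped before matching.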
