activemq-users mailing list archives

From Jim Lloyd <jll...@silvertailsystems.com>
Subject Re: Configuring SSL in a network of brokers
Date Tue, 04 May 2010 15:26:53 GMT
Hi Dejan,

Yes, I'm sorry if I wasn't clear, but I am well aware of that section for
configuring the server side of ssl transportConnector. I was looking for
more clarity on the client side. ActiveMQ is bundled with client.ts and
client.ks, and as far as I can tell, those files aren't referenced anywhere
by anything else.

Since writing my original question, I think I have figured out enough of
this that now I just need to try some more experiments to confirm my
understanding.

Thanks,
Jim

On Tue, May 4, 2010 at 5:47 AM, Dejan Bosanac <dejan@nighttale.net> wrote:

> Hi Jim.
>
> you can notice
>
>        <sslContext>
>            <sslContext keyStore="file:${activemq.base}/conf/broker.ks"
>              keyStorePassword="password"
>              trustStore="file:${activemq.base}/conf/broker.ts"
>              trustStorePassword="password"/>
>        </sslContext>
>
> in activemq-demo.xml which is used to configure locations and passwords for
> key and trust stores.
>
> Cheers
> --
> Dejan Bosanac - http://twitter.com/dejanb
>
> Open Source Integration - http://fusesource.com/
> ActiveMQ in Action - http://www.manning.com/snyder/
> Blog - http://www.nighttale.net
>
>
> On Sun, May 2, 2010 at 11:26 PM, Jim Lloyd <jlloyd@silvertailsystems.com> wrote:
>
> > We have a relatively simple topology where there are a few machines configured
> > as a network of brokers. Each machine has one broker, and then one or more
> > activemq client applications. Each client only connects to the broker on
> > local host. Every broker statically connects to every other broker.
> >
> > We have a requirement that all traffic on the wire be encrypted, so we are
> > using SSL for the network connectors between brokers. The local traffic
> > between the clients and the localhost broker uses plaintext openwire, i.e. a
> > tcp transport.
> >
> > The relevant section from the .conf file looks something like this:
> >
> >        <networkConnectors>
> >            <networkConnector name="superman-to-batman" uri="static:(ssl://batman:24001)"/>
> >            <networkConnector name="superman-to-flash" uri="static:(ssl://flash:24001)"/>
> >        </networkConnectors>
> >
> >        <transportConnectors>
> >            <transportConnector name="open" uri="tcp://127.0.0.1:24002" />
> >            <transportConnector name="ssl" uri="ssl://0.0.0.0:24001" />
> >        </transportConnectors>
> >
> > For testing purposes we have been using the demo broker.ks, broker.ts,
> > client.ks, client.ts files that ship with activemq. We now want to generate
> > our own files. I've read
> > how-do-i-use-ssl<http://activemq.apache.org/how-do-i-use-ssl.html> but
> > there is something mysterious to me that I want to understand.
> >
> > I see in activemq-demo.xml where the broker.ks and broker.ts files are
> > configured, but I don't see where client.ks and client.ts are configured.
> > These files are referenced in
> > how-do-i-use-ssl<http://activemq.apache.org/how-do-i-use-ssl.html>,
> > where it says:
> >
> > When starting the client's VM, specify the following system properties:
> >
> > javax.net.ssl.keyStore=/path/to/client.ks
> > javax.net.ssl.keyStorePassword=password
> > javax.net.ssl.trustStore=/path/to/client.ts
> >
> >
> > However, we never did this to our configuration, and I can't find where it
> > might have been done for us in the default configuration.
> >
> > So, all this boils down to the simple question: how does activemq-demo.xml
> > work? Where are client.ks and client.ts configured for this demo?
> >
> > Thanks,
> > Jim Lloyd
> >
>
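
Added example (not part of the original thread and not ActiveMQ code): a small Python check of a broker XML against the requirement stated in the thread that all traffic on the wire be encrypted. It also flags the store password value shown in the quoted activemq-demo.xml snippet. The sample config is constructed, `audit` and `is_plaintext_on_wire` are hypothetical names, and treating any scheme ending in "ssl" as encrypted is an assumption.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample: the thread's broker config with two deliberate mistakes
# (a tcp:// network link and a plaintext listener bound to all interfaces).
SAMPLE = """<broker xmlns="http://activemq.apache.org/schema/core">
  <sslContext>
    <sslContext keyStore="file:${activemq.base}/conf/broker.ks"
                keyStorePassword="password"
                trustStore="file:${activemq.base}/conf/broker.ts"
                trustStorePassword="password"/>
  </sslContext>
  <networkConnectors>
    <networkConnector name="superman-to-batman" uri="static:(ssl://batman:24001)"/>
    <networkConnector name="superman-to-flash" uri="static:(tcp://flash:24001)"/>
  </networkConnectors>
  <transportConnectors>
    <transportConnector name="open" uri="tcp://0.0.0.0:24002"/>
    <transportConnector name="ssl" uri="ssl://0.0.0.0:24001"/>
  </transportConnectors>
</broker>"""

LOOPBACK = {"127.0.0.1", "localhost", "::1"}
ENDPOINT = re.compile(r"([\w+]+)://([^:/,)\s]+)")  # scheme://host inside a connector uri

def is_plaintext_on_wire(scheme, host):
    # Assumption: schemes ending in "ssl" (ssl, nio+ssl, ...) and https are encrypted.
    encrypted = scheme.endswith("ssl") or scheme == "https"
    return not encrypted and host not in LOOPBACK

def audit(xml_text):
    """Return findings for a broker config, in document order."""
    findings = []
    for elem in ET.fromstring(xml_text).iter():
        tag = elem.tag.rsplit("}", 1)[-1]  # drop the XML namespace prefix
        if tag in ("transportConnector", "networkConnector"):
            kind = "listener on" if tag == "transportConnector" else "link to"
            for scheme, host in ENDPOINT.findall(elem.get("uri", "")):
                if is_plaintext_on_wire(scheme, host):
                    findings.append(f"{elem.get('name')}: plaintext {kind} {host}")
        elif tag == "sslContext":
            for attr in ("keyStorePassword", "trustStorePassword"):
                if elem.get(attr) == "password":  # value shown in activemq-demo.xml
                    findings.append(f"sslContext: demo {attr}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

With the connectors exactly as posted in the thread (ssl:// links, tcp:// bound to 127.0.0.1), only the two demo-password findings remain.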
