activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Shannon <>
Subject Re: Configure activemq-client to trust any SSL certificate from the broker without verifying it
Date Wed, 29 Nov 2017 19:08:56 GMT
In 5.x it isn't quite as simple.

To trust all you'll need to extend ActiveMQSslConnectionFactory and
override the createTrustManager() method.  This should work:
protected TrustManager[] createTrustManager() throws Exception {
return new TrustManager[] { new X509TrustManager() {
public X509Certificate[] getAcceptedIssuers() {
return new X509Certificate[] {};

public void checkClientTrusted(final X509Certificate[] chain, final String
throws {

public void checkServerTrusted(final X509Certificate[] chain, final String
throws {
} };

Another example of this is how you can do this with Netty.  Artemis
achieves this by using the InsecureTrustManagerFactory class that is part
of Netty.  See:

To disable verifying host name you need to override the hostname verifier.
You could override the createTransport method.  I think something like this
would work:

protected Transport createTransport() throws JMSException {

final HostnameVerifier allHostsValid = new HostnameVerifier() {
public boolean verify(String arg0, SSLSession arg1) {
return true;

// Install the all-trusting host verifier

return super.createTransport();

On Wed, Nov 29, 2017 at 5:52 AM, Jiri Danek <> wrote:

> Hi,
> I need to configure activemq-client not to perform broker cerificate
> validation. I need this for testing purposes, because I need to test the
> system over SSL, but I do not yet have certificate distribution solved.
> In Artemis, with artemis-jms-client, there is verifyHost=false and
> trustAll=true connection url properties I can use for this purpose. How do
> I achieve the same with ActiveMQ?
> Thanks!
> --
> Jiri Daněk

  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message