activemq-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From luksi1 <>
Subject AMQ design and TLS
Date Tue, 22 Jan 2019 21:41:45 GMT
Hello. I'm going to straight up and apologize that I'm not as fluent in AMQ
as I'd like to be, but regardless of how much I read on AMQ design, I'm not
able to piece reality and good design together in our use-case.

We are building an AMQ cluster (master/slave) with Openwire + AMQP. Traffic
is going to come from a load balancer. We have a network of brokers
configuration as well, where communication will be directly between the
nodes. Today, we ran into a problem where we expose a certificate with the
common name of the loadbalancers DNS-name, which means the other nodes in
the network of brokers cannot perform a hostname validation, as the
certificate common name differs from the hostname. Unfortunately, a subject
alternative name is not an option. So like all "gitta 'er done" technicians,
we turned off hostname validation and everything works. This though isn't
really optimal.

I suppose  we could route the traffic via the loadbalancer, but that seems
sub-optimal. Any ideas?

Sent from:

View raw message