How to activemq in ssl
I'm trying to send messages via jms (activemq) but I want it to be in ssl protocol. It actuality works in tcp for now.
I use jndi, with a virtual topic and 2 queues. Could somebody help me, I tryed this but I get stuck the server won't start :
http://activemq.apache.org/how-do-i-use-ssl.html
thx
edit : The log says : "The reference to entity "needClientAuth" must end with the ';' delimiter."
Answer
I will answer my own question :
First of all inside ..../apache-activemq-5.11.1/conf/activemq.xml :
<transportConnectors>
<transportConnector name="ssl" uri="ssl://0.0.0.0:61617?trace=true&needClientAuth=true"/>
</transportConnectors>
Don't forget the & amp; (without the space) that's what was blocking on the server side. On activemq page it isn't written. As well don't forget to open your port. Here (61617)
Still inside activemq.xml
<sslContext>
<sslContext keyStore="file:${activemq.base}/conf/amq-server.ks"
keyStorePassword="PASSWORD"
trustStore="file:${activemq.base}/conf/amq-server.ts"
trustStorePassword="PASSWORD" />
</sslContext>
Restart JMS; This time it should be OK. Now that your server side is OK Let's go for the client.
I have done this in activemq ..../apache-activemq-5.11.1/conf : (follow what is asked, names, pass, etc...).
## Create a keystore for the broker SERVER
$ keytool -genkey -alias amq-server -keyalg RSA -keysize 2048 -validity 90 -keystore amq-server.ks
## Export the broker SERVER certificate from the keystore
$ keytool -export -alias amq-server -keystore amq-server.ks -file amq-server_cert
## Create the CLIENT keystore
$ keytool -genkey -alias amq-client -keyalg RSA -keysize 2048 -validity 90 -keystore amq-client.ks
## Import the previous exported broker's certificate into a CLIENT truststore
$ keytool -import -alias amq-server -keystore amq-client.ts -file amq-server_cert
## If you want to make trusted also the client, you must export the client's certificate from the keystore
$ keytool -export -alias amq-client -keystore amq-client.ks -file amq-client_cert
## Import the client's exported certificate into a broker SERVER truststore
$ keytool -import -alias amq-client -keystore amq-server.ts -file amq-client_cert
Then I downloaded with the help of https://winscp.net/eng/index.php my "amq-client.ts" and "amq-client.ks" from my server to my PC (I dev on windows and server on linux).
I used this two files as source in eclipse. (I won't explain how to).
Finally in eclipse I had to change only one thing I had to replace QueueConnectionFactory by ActiveMQSslConnectionFactory:
So I erased
QueueConnectionFactory connFactory = (QueueConnectionFactory) ctx
.lookup("jms/ConnectionFactory");
And in place of that did :
ActiveMQSslConnectionFactory connectionFactory = new ActiveMQSslConnectionFactory(url);
try {
connectionFactory.setTrustStore(CLIENT_TS_FILE);
connectionFactory.setTrustStorePassword("PASSWORD asked while TS file made");
connectionFactory.setKeyStore(CLIENT_KS_FILE);
connectionFactory.setKeyStorePassword("PASSWORD asked while KS file made");
} catch (Exception e) {
throw new MotorException(
"JMS Connection Failed (Trust store or key store weren't found) : ",
e);
}
Very little was on internet at least for activemq and ssl it might help someone.