How to activemq in ssl

后端未结

关注

 1  1450

花落未央 2020-12-31 19:47

I\'m trying to send messages via jms (activemq) but I want it to be in ssl protocol. It actuality works in tcp for now.

I use jndi, with a virtual topic and 2 queue

1条回答

渐次进展 (楼主)

2020-12-31 20:17

I will answer my own question :

First of all inside ..../apache-activemq-5.11.1/conf/activemq.xml :

Don't forget the & amp; (without the space) that's what was blocking on the server side. On activemq page it isn't written. As well don't forget to open your port. Here (61617)

Still inside activemq.xml

Restart JMS; This time it should be OK. Now that your server side is OK Let's go for the client.

I have done this in activemq ..../apache-activemq-5.11.1/conf : (follow what is asked, names, pass, etc...).

## Create a keystore for the broker SERVER
$ keytool -genkey -alias amq-server -keyalg RSA -keysize 2048 -validity 90 -keystore amq-server.ks

## Export the broker SERVER certificate from the keystore
$ keytool -export -alias amq-server -keystore amq-server.ks -file amq-server_cert

## Create the CLIENT keystore
$ keytool -genkey -alias amq-client -keyalg RSA -keysize 2048 -validity 90 -keystore amq-client.ks

## Import the previous exported broker's certificate into a CLIENT truststore
$ keytool -import -alias amq-server -keystore amq-client.ts -file amq-server_cert

## If you want to make trusted also the client, you must export the client's certificate from the keystore
$ keytool -export -alias amq-client -keystore amq-client.ks -file amq-client_cert

## Import the client's exported certificate into a broker SERVER truststore
$ keytool -import -alias amq-client -keystore amq-server.ts -file amq-client_cert

Then I downloaded with the help of https://winscp.net/eng/index.php my "amq-client.ts" and "amq-client.ks" from my server to my PC (I dev on windows and server on linux).

I used this two files as source in eclipse. (I won't explain how to).

Finally in eclipse I had to change only one thing I had to replace QueueConnectionFactory by ActiveMQSslConnectionFactory:

So I erased

QueueConnectionFactory connFactory = (QueueConnectionFactory) ctx
                    .lookup("jms/ConnectionFactory");

And in place of that did :

ActiveMQSslConnectionFactory connectionFactory = new ActiveMQSslConnectionFactory(url);
            try {
                connectionFactory.setTrustStore(CLIENT_TS_FILE);
                connectionFactory.setTrustStorePassword("PASSWORD asked while TS file made");
                connectionFactory.setKeyStore(CLIENT_KS_FILE);
                connectionFactory.setKeyStorePassword("PASSWORD asked while KS file made");
            } catch (Exception e) {
                throw new MotorException(
                        "JMS Connection Failed (Trust store or key store weren't found) : ",
                        e);
            }

Very little was on internet at least for activemq and ssl it might help someone.

0 讨论(0)