How to activemq in ssl

花落未央 2020-12-31 19:47

I'm trying to send messages via jms (activemq) but I want it to be in ssl protocol. It actually works in tcp for now.

I use jndi, with a virtual topic and 2 queues.

1 answer
  • 2020-12-31 20:17

    I will answer my own question:

    First of all, inside ..../apache-activemq-5.11.1/conf/activemq.xml:

    <transportConnectors>
      <transportConnector name="ssl" uri="ssl://0.0.0.0:61617?trace=true&amp;needClientAuth=true"/>
    </transportConnectors>
    

    Don't forget the & amp; (without the space); that's what was blocking on the server side. On the activemq page it isn't written. Also, don't forget to open your port (here, 61617).

    Still inside activemq.xml

    <sslContext>
      <sslContext keyStore="file:${activemq.base}/conf/amq-server.ks"
                  keyStorePassword="PASSWORD"
                  trustStore="file:${activemq.base}/conf/amq-server.ts"
                  trustStorePassword="PASSWORD" />
    </sslContext>
    

    Restart JMS; this time it should be OK. Now that your server side is OK, let's go for the client.

    I have done this in activemq ..../apache-activemq-5.11.1/conf : (follow what is asked, names, pass, etc...).

    ## Create a keystore for the broker SERVER
    $ keytool -genkey -alias amq-server -keyalg RSA -keysize 2048 -validity 90 -keystore amq-server.ks
    
    ## Export the broker SERVER certificate from the keystore
    $ keytool -export -alias amq-server -keystore amq-server.ks -file amq-server_cert
    
    ## Create the CLIENT keystore
    $ keytool -genkey -alias amq-client -keyalg RSA -keysize 2048 -validity 90 -keystore amq-client.ks
    
    ## Import the previous exported broker's certificate into a CLIENT truststore
    $ keytool -import -alias amq-server -keystore amq-client.ts -file amq-server_cert
    
    ## If you want to make trusted also the client, you must export the client's certificate from the keystore
    $ keytool -export -alias amq-client -keystore amq-client.ks -file amq-client_cert
    
    ## Import the client's exported certificate into a broker SERVER truststore
    $ keytool -import -alias amq-client -keystore amq-server.ts -file amq-client_cert
    

    Then I downloaded with the help of https://winscp.net/eng/index.php my "amq-client.ts" and "amq-client.ks" from my server to my PC (I dev on windows and server on linux).

    I used these two files as source in eclipse. (I won't explain how to).

    Finally, in eclipse I had to change only one thing: I had to replace QueueConnectionFactory by ActiveMQSslConnectionFactory:

    So I erased

    QueueConnectionFactory connFactory = (QueueConnectionFactory) ctx
            .lookup("jms/ConnectionFactory");
    

    And in place of that did :

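    import org.apache.activemq.ActiveMQSslConnectionFactory;

    // url is the broker's ssl:// address on the port opened above (61617)
    ActiveMQSslConnectionFactory connectionFactory = new ActiveMQSslConnectionFactory(url);
    try {
        // Trust store: holds the broker's certificate (amq-client.ts)
        connectionFactory.setTrustStore(CLIENT_TS_FILE);
        connectionFactory.setTrustStorePassword("PASSWORD asked while TS file made");
        // Key store: holds the client's own key pair (amq-client.ks), needed for needClientAuth=true
        connectionFactory.setKeyStore(CLIENT_KS_FILE);
        connectionFactory.setKeyStorePassword("PASSWORD asked while KS file made");
    } catch (Exception e) {
        throw new MotorException(
                "JMS Connection Failed (Trust store or key store weren't found) : ",
                e);
    }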
    

    Very little was on the internet, at least for activemq and ssl; it might help someone.

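An added example, not part of the original answer: a small Python check of the two activemq.xml fragments from the answer, showing why a raw `&` in the connector URI stops the file from parsing and flagging a TLS connector without `needClientAuth=true` or an `sslContext` missing a store. The `<broker>` wrapper, the `audit` function, the two broken variants, the list of TLS scheme names and the extra check for a leftover non-TLS connector are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit, parse_qs

# Constructed sample: the answer's two activemq.xml fragments inside a bare <broker>.
GOOD = """<broker>
  <transportConnectors>
    <transportConnector name="ssl" uri="ssl://0.0.0.0:61617?trace=true&amp;needClientAuth=true"/>
  </transportConnectors>
  <sslContext>
    <sslContext keyStore="file:${activemq.base}/conf/amq-server.ks" keyStorePassword="PASSWORD"
                trustStore="file:${activemq.base}/conf/amq-server.ts" trustStorePassword="PASSWORD"/>
  </sslContext>
</broker>"""
# Constructed variants: a raw '&' in the uri, and a config with no client auth plus a tcp connector.
RAW_AMP = GOOD.replace("&amp;", "&")
WEAK = GOOD.replace("&amp;needClientAuth=true", "").replace(
    "</transportConnectors>",
    '<transportConnector name="openwire" uri="tcp://0.0.0.0:61616"/></transportConnectors>')
TLS_SCHEMES = ("ssl", "wss", "https")  # assumption: last part of schemes such as nio+ssl

def local(tag):
    """Drop the XML namespace prefix; a full activemq.xml declares one on <broker>."""
    return tag.rsplit("}", 1)[-1]

def audit(xml_text):
    """Return findings about the broker's TLS settings; an empty list means none."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML (unescaped '&' in a uri?): {exc}"]
    findings, ctx = [], None
    for el in root.iter():
        if local(el.tag) == "transportConnector":
            name, uri = el.get("name", "?"), urlsplit(el.get("uri", ""))
            if uri.scheme.split("+")[-1] not in TLS_SCHEMES:
                findings.append(f"{name}: {uri.scheme}:// connector is not TLS")
            elif parse_qs(uri.query).get("needClientAuth") != ["true"]:
                findings.append(f"{name}: needClientAuth=true is not set")
        elif local(el.tag) == "sslContext" and el.attrib:
            ctx = el  # the inner element carries the store attributes
    if ctx is None:
        findings.append("no <sslContext> with store attributes")
    else:
        findings += [f"sslContext: {a} is not set" for a in ("keyStore", "trustStore") if not ctx.get(a)]
    return findings

if __name__ == "__main__":
    for label, text in (("good", GOOD), ("raw &", RAW_AMP), ("weak", WEAK)):
        print(label, audit(text))
```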