I successfully got ActiveMQ working with SSL and JBOSS. Here's all the information
Follow directions here
http://activemq.apache.org/how-do-i-use-ssl.html
// I don't think it is necessary to update ALL of the following files but I haven't taken the time to figure which are important
activemq-command,xml
<transportConnector name="ssl" uri="ssl://localhost:61617?wantClientAuth=true&needClientAuth=true&transport.commandTracingEnabled=true" />
activemq-demo.xml // probably not needed
<transportConnector name="ssl" uri="ssl://localhost:61617"/>
activemq-dynamic-network-broker1.xml
<transportConnector name="ssl" uri="ssl://localhost:61617?wantClientAuth=true&needClientAuth=true&transport.commandTracingEnabled=true" />
activemq-dynamic-network-broker2.xml
<transportConnector name="ssl" uri="ssl://localhost:61617?wantClientAuth=true&needClientAuth=true&transport.commandTracingEnabled=true" />
activemq-jdbc.xml
<transportConnector name="ssl" uri="ssl://localhost:61617?wantClientAuth=true&needClientAuth=true&transport.commandTracingEnabled=true" />
activemq-security.xml
<transportConnector name="ssl" uri="ssl://localhost:61617?wantClientAuth=true&needClientAuth=true&transport.commandTracingEnabled=true" />
activemq-specjms.xml
<transportConnector name="ssl" uri="ssl://localhost:61617?wantClientAuth=true&needClientAuth=true&transport.commandTracingEnabled=true" />
activemq-static-network-broker1.xml
<transportConnector name="ssl" uri="ssl://localhost:61617?wantClientAuth=true&needClientAuth=true&transport.commandTracingEnabled=true" />
activemq-static-network-broker2.xml
<networkConnector uri="static:(
ssl://localhost:61616)" duplex="true"/>
activemq-throughput.xml
<transportConnector name="ssl" uri="ssl://localhost:61617?needClientAuth=true" />
activemq.xml (inside <broker>
<transportConnector name="ssl" uri="ssl://localhost:61617?needClientAuth=true" />
activemq.xml
<transportConnector name="ssl" uri="ssl://localhost:61617?needClientAuth=true" />
// the following was placed inside AND outside of <broker>
<amq:broker useJmx="false" persistent="false">
<amq:sslContext>
<amq:sslContext
keyStore="c:/ActiveMQ/broker.ks" keyStorePassword="password"
trustStore="c:/ActiveMQ/client.ks" trustStorePassword="password"/>
</amq:sslContext>
<amq:transportConnectors>
<amq:transportConnector uri="ssl://localhost:61616" />
</amq:transportConnectors>
</amq:broker>
Download activemq-cpp-library-3.4.3 project
Download Bloodshed Dev C++
Download Open SSL
Drop all source files from activemq-cpp-library-3.4.3/src/main into a Dev C++ project
Set Dev C++ to build a DLL
Update main/activmq/util/Config.h, insert #define HAVE_OPENSSL 1
Build DLL from Dev C++
Update system PATH variable to point to directory containing the DLL
Update system PATH variable to point to \OpenSSL-Win64\lib
Change your code so that you have
ConnectionFactory connectionFactory =
new ActiveMQConnectionFactory("ssl://localhost:61617");
Update activemq.bat to set info about keystores and trust stores, when starting activemq precede by seting ACTIVEMQ_ENCRYPTION_PASSWORD=activemq
"%_JAVACMD%" %SUNJMX% %ACTIVEMQ_DEBUG_OPTS% %ACTIVEMQ_OPTS% %SSL_OPTS% -Dactivemq.classpath="%ACTIVEMQ_CLASSPATH%" -Dactivemq.home="%ACTIVEMQ_HOME%" -Dactivemq.base="%ACTIVEMQ_BASE%" -Dactivemq.conf="%ACTIVEMQ_CONF%" -Dactivemq.data="%ACTIVEMQ_DATA%" -Djava.io.tmpdir="%ACTIVEMQ_TMP%" -Djavax.net.ssl.keyStore=c:/ActiveMQ/broker.ks -Djavax.net.ssl.keyStorePassword=password -Djavax.net.ssl.trustStore=c:/activemq/broker.ts -Djavax.net.ssl.trustStorePassword=password -jar "%ACTIVEMQ_HOME%/bin/run.jar" %*
Add debug command to activemq
if "%ACTIVEMQ_OPTS%" == "" set ACTIVEMQ_OPTS=-Xms1G -Xmx1G -Djava.util.logging.config.file=logging.properties -Djavax.net.debug=ssl
When starting client add
java -Djavax.net.debug=ssl -Djavax.net.ssl.keyStore=c:/yourpath/client.ks -Djavax.net.ssl.keyStorePassword=password -Djavax.net.ssl.trustStore=c:/yourpath/client.ts -Djavax.net.ssl.trustStorePassword=password
OK, I tried to cover everything. All of this will definitely help you reach your goal of ActiveMQ invocation with server and client SSL validation